Apostrophecms Sanitize-html — known CVE vulnerabilities
Every CVE whose affected-product data names Apostrophecms Sanitize-html, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2014-125128 — CVSS 6.1 (medium): 'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate…
CVE-2019-25225 — CVSS 6.1 (medium): `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does…
CVE-2026-40186 — CVSS 6.1 (medium): ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1…
CVE-2021-26540 — CVSS 5.3 (medium): Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when…
CVE-2022-25887 — CVSS 5.3 (medium): The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular…
CVE-2024-21501 — CVSS 5.3 (medium): Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style…
CVE-2021-26539 — CVSS 5.3 (medium): Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an…