Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain names (IDNs), which could allow an attacker to bypass the hostname whitelist validation set by the allowedIframeHostnames option.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sanitize-html | Apostrophecms | * | * |
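
A defensive check for an iframe hostname allowlist of the kind described above, as an added example that is not sanitize-html's code and does not reproduce its fix: each host is canonicalised with the WHATWG URL parser (the one browsers use, which maps IDNs to their ASCII form) before an exact-match comparison. The function names, the placeholder base URL and the hostnames are hypothetical and constructed for illustration.

```javascript
// Added example (not sanitize-html's code). All hostnames are constructed.
// Assumption: a placeholder base, used only so that //host/path can be parsed.
const PLACEHOLDER_BASE = 'https://base.invalid/';

// Return the host as the WHATWG URL parser sees it: lowercased and
// IDNA-mapped to ASCII (punycode). Returns null for unparseable or non-HTTP(S) input.
function canonicalHost(src) {
  let url;
  try {
    url = new URL(src, PLACEHOLDER_BASE);
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.hostname;
}

// Canonicalise the allowlist with the same parser so both sides compare alike.
function buildAllowlist(hostnames) {
  const set = new Set();
  for (const name of hostnames) {
    const host = canonicalHost('https://' + name + '/');
    if (host === null) throw new Error('invalid allowlist entry: ' + name);
    set.add(host);
  }
  return set;
}

// Exact match on the canonical host: no substring, prefix or suffix tests.
function isIframeSrcAllowed(src, allowlist) {
  const host = canonicalHost(src);
  return host !== null && allowlist.has(host);
}

const allowed = buildAllowlist(['player.example.com', 'b\u00FCcher.example']);

const samples = [
  'https://player.example.com/embed/1',                     // plain match
  '//PLAYER.example.com/embed/1',                           // protocol-relative, mixed case
  'https://\uFF50\uFF4C\uFF41\uFF59\uFF45\uFF52.example.com/', // fullwidth letters map to ASCII
  'https://xn--bcher-kva.example/v',                        // ASCII form of an IDN entry
  'https://pl\u0430yer.example.com/embed/1',                // Cyrillic U+0430 lookalike
  'https://player.example.com.other.example/',              // allowlisted name as a prefix
  '/embed/1',                                               // relative: resolves to the placeholder base
];
for (const src of samples) {
  console.log(isIframeSrcAllowed(src, allowed), canonicalHost(src), JSON.stringify(src));
}
```

The first four samples are accepted and the last three are rejected; logging the canonical host next to the raw `src` shows which name a browser would actually contact.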