CVE Vulnerabilities

CVE-2021-26539

Published: Feb 08, 2021 | Modified: Apr 26, 2022
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the allowedIframeHostnames option.

Affected Software

Name Vendor Start Version End Version
Sanitize-html Apostrophecms * *

References