apostrophe
14 known vulnerabilities · 1 critical · 0 high
ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
Apostrophe CMS Insufficient Session Expiration vulnerability
ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
Apostrophe has stored XSS via javascript: URL in Image Widget Link
Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
ApostropheCMS: publicApiProjection Bypass via project Query Builder in Piece-Type REST API
Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation
ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context
ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction
@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`