ApostropheCMS exposure
Category: CMS
Exposure score: 41
Sites using it: 354
CVEs under active exploitation: 0
Critical CVEs: 3
CVEs (18 results)

CVE ID | Severity | Title | EPSS
CVE-2026-33888 | MEDIUM | ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API | 0.5%
CVE-2026-39857 | MEDIUM | Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions | 0.4%
CVE-2026-32731 | CRITICAL | ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction | 0.4%
CVE-2026-42853 | MEDIUM | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input | 0.4%
CVE-2026-33877 | LOW | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint | 0.4%
CVE-2026-32730 | HIGH | ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware | 0.4%
CVE-2026-44990 | CRITICAL | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` | 0.3%
CVE-2026-35569 | HIGH | ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS | 0.3%
CVE-2026-45014 | MEDIUM | Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip | 0.3%
CVE-2026-45013 | HIGH | Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation | 0.3%
CVE-2026-53609 | CRITICAL | Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass | 0.2%
CVE-2026-40186 | MEDIUM | ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements | 0.2%
CVE-2026-53607 | LOW | @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header | 0.2%
CVE-2026-45011 | HIGH | Apostrophe has stored XSS via javascript: URL in Image Widget Link | 0.2%
CVE-2026-53608 | HIGH | @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag | 0.2%
CVE-2026-33889 | MEDIUM | ApostropheCMS: Stored XSS via CSS Custom Property Injection in `@apostrophecms/color-field` Escaping Style Tag Context | 0.2%
CVE-2026-45012 | HIGH | Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget | 0.2%
CVE-2026-53606 | MEDIUM | sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes | 0.1%
Want to know whether your infrastructure is exposed to this?
Talk to TrueHacking →