Security Advisory

CVE-2021-25978

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-07 17:15:10

Last updated 2025-04-30 15:52:43

Assigner Mend

State PUBLISHED

Description

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.

← Browse all CVEs View on cve.org ↗