CVE-2026-53606 | apostrophecms apostrophe up to 2.17.4 API naughtyHref cross site scripting (GHSA-vccv-cmxp-4j9h)

Inserito da Angelo Barbosa | Giu 13, 2026 | CVE

A vulnerability categorized as problematic has been discovered in apostrophecms apostrophe up to 2.17.4. This affects the function naughtyHref of the component API. The manipulation results in cross site scripting.

This vulnerability is reported as CVE-2026-53606. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-53606 | apostrophecms apostrophe up to 2.17.4 API naughtyHref cross site scripting (GHSA-vccv-cmxp-4j9h)

Post correlati

CVE-2025-62716 | makeplane up to 1.0.x next_path cross site scripting (GHSA-6fj7-xgpg-mj6f)

CVE-2023-7017 | Kontrol Lux Lock Firmware Update code download (VU#949046)

CVE-2024-45299 | alfio-event alf.io up to 2.0-M4 Content Security Policy escape output (GHSA-mcx6-25f8-8rqw)

CVE-2024-8088 | Python CPython up to 3.13.0 zipfile Module namelist/iterdir/extractall infinite loop (ID 122905)