Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00cjljLWpnaGMtY3g1bc0W8Q

Cross-site Scripting in apostrophe

Apostrophe CMS versions 2.63.0 through 3.3.1 are vulnerable to stored XSS: an editor can upload an SVG file containing malicious JavaScript to the Images module, and the script executes when the file is viewed.

Permalink: https://github.com/advisories/GHSA-4r9c-jghc-cx5m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00cjljLWpnaGMtY3g1bc0W8Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-4r9c-jghc-cx5m, CVE-2021-25978
References: Repository: https://github.com/apostrophecms/apostrophe
Blast Radius: 11.7

Affected Packages

npm:apostrophe
Dependent packages: 52
Dependent repositories: 147
Downloads: 7,749 last month
Affected Version Ranges: >= 2.63.0, < 3.4.0
Fixed in: 3.4.0
All affected versions: 2.63.0, 2.64.0, 2.64.1, 2.65.0, 2.66.0, 2.67.0, 2.68.0, 2.68.1, 2.69.0, 2.69.1, 2.70.0, 2.70.1, 2.71.0, 2.71.1, 2.72.0, 2.72.1, 2.72.2, 2.72.3, 2.73.0, 2.74.0, 2.75.0, 2.75.1, 2.76.0, 2.76.1, 2.77.0, 2.77.1, 2.77.2, 2.78.0, 2.79.0, 2.80.0, 2.81.0, 2.81.1, 2.81.2, 2.82.0, 2.83.0, 2.83.1, 2.84.0, 2.84.1, 2.85.0, 2.86.0, 2.87.0, 2.88.0, 2.88.1, 2.89.0, 2.89.1, 2.90.0, 2.91.0, 2.91.1, 2.92.0, 2.92.1, 2.93.0, 2.94.0, 2.94.1, 2.95.0, 2.95.1, 2.96.0, 2.96.1, 2.96.2, 2.97.0, 2.97.1, 2.97.2, 2.98.0, 2.98.1, 2.99.0, 2.100.0, 2.100.1, 2.100.2, 2.101.0, 2.101.1, 2.102.0, 2.102.1, 2.102.2, 2.102.3, 2.102.4, 2.102.5, 2.103.0, 2.103.1, 2.104.0, 2.105.0, 2.105.1, 2.105.2, 2.106.0, 2.106.1, 2.106.2, 2.106.3, 2.107.0, 2.107.1, 2.107.2, 2.108.0, 2.108.1, 2.109.0, 2.110.0, 2.111.0, 2.111.1, 2.111.2, 2.111.3, 2.111.4, 2.112.0, 2.112.1, 2.113.0, 2.113.1, 2.113.2, 2.113.3, 2.114.0, 2.115.0, 2.115.1, 2.116.0, 2.116.1, 2.117.0, 2.117.1, 2.118.0, 2.119.0, 2.119.1, 2.220.0, 2.220.1, 2.220.2, 2.220.3, 2.220.4, 2.220.5, 2.220.6, 2.220.7, 2.220.9, 2.221.0, 2.221.2, 2.222.0, 2.223.0, 2.223.1, 2.224.0, 2.225.0, 2.226.0, 2.227.0, 2.227.1, 2.227.2, 2.227.3, 2.227.4, 2.227.5, 2.227.6, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.3.0, 3.3.1
All unaffected versions: 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.3.12, 0.3.13, 0.3.14, 0.3.16, 0.3.18, 0.3.19, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.4.19, 0.4.20, 0.4.21, 0.4.22, 0.4.23, 0.4.24, 0.4.25, 0.4.26, 0.4.27, 0.4.28, 0.4.29, 0.4.30, 0.4.31, 0.4.32, 0.4.33, 0.4.34, 0.4.35, 0.4.36, 0.4.37, 0.4.38, 0.4.39, 0.4.40, 0.4.41, 0.4.42, 0.4.43, 0.4.44, 0.4.45, 0.4.46, 0.4.47, 0.4.48, 0.4.49, 0.4.50, 0.4.51, 0.4.52, 0.4.53, 0.4.54, 0.4.55, 0.4.56, 0.4.57, 0.4.58, 0.4.59, 0.4.60, 0.4.61, 0.4.62, 0.4.63, 0.4.64, 0.4.65, 0.4.66, 0.4.67, 0.4.68, 0.4.69, 0.4.70, 0.4.71, 0.4.72, 0.4.73, 0.4.74, 0.4.75, 0.4.76, 0.4.77, 0.4.78, 0.4.79, 0.4.80, 0.4.81, 0.4.82, 0.4.83, 0.4.84, 0.4.85, 0.4.86, 0.4.87, 0.4.88, 0.4.89, 0.4.90, 0.4.91, 0.4.92, 0.4.93, 0.4.94, 0.4.95, 0.4.96, 0.4.97, 0.4.98, 0.4.99, 0.4.100, 0.4.101, 0.4.102, 0.4.103, 0.4.104, 0.4.105, 0.4.106, 0.4.107, 0.4.108, 0.4.109, 0.4.110, 0.4.111, 0.4.112, 0.4.113, 0.4.114, 0.4.115, 0.4.116, 0.4.117, 0.4.118, 0.4.119, 0.4.120, 0.4.121, 0.4.122, 0.4.123, 0.4.124, 0.4.125, 0.4.126, 0.4.127, 0.4.128, 0.4.129, 0.4.130, 0.4.131, 0.4.132, 0.4.133, 0.4.134, 0.4.135, 0.4.136, 0.4.137, 0.4.138, 0.4.139, 0.4.140, 0.4.142, 0.4.143, 0.4.144, 0.4.145, 0.4.146, 0.4.147, 0.4.148, 0.4.149, 0.4.152, 0.4.154, 0.4.155, 0.4.156, 0.4.157, 0.4.158, 0.4.159, 0.4.160, 0.4.161, 0.4.162, 0.4.163, 0.4.164, 0.4.165, 0.4.166, 0.4.167, 0.4.168, 0.4.169, 0.4.170, 0.4.171, 0.4.172, 0.4.173, 0.4.174, 0.4.175, 0.4.176, 0.4.177, 0.4.179, 0.4.180, 0.4.181, 0.4.182, 0.4.183, 0.4.184, 0.4.185, 0.4.186, 0.4.187, 0.4.188, 0.4.189, 0.4.190, 0.4.191, 0.4.192, 0.4.194, 0.4.195, 0.4.196, 0.4.197, 0.4.198, 0.4.199, 0.4.200, 0.4.201, 0.4.202, 0.4.203, 0.4.204, 0.4.205, 0.4.206, 0.4.207, 0.4.208, 0.4.209, 0.4.210, 0.4.211, 0.4.212, 0.4.213, 0.4.214, 0.4.215, 0.4.216, 0.4.217, 0.4.218, 0.4.219, 0.4.220, 0.4.221, 0.4.222, 0.4.223, 0.4.224, 
0.4.225, 0.4.227, 0.4.228, 0.4.229, 0.4.230, 0.4.231, 0.4.232, 0.4.233, 0.4.234, 0.4.235, 0.4.236, 0.4.237, 0.4.238, 0.4.239, 0.4.240, 0.4.241, 0.5.0, 0.5.1, 0.5.2, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.5.8, 0.5.9, 0.5.10, 0.5.11, 0.5.12, 0.5.13, 0.5.14, 0.5.15, 0.5.16, 0.5.17, 0.5.18, 0.5.19, 0.5.20, 0.5.21, 0.5.22, 0.5.23, 0.5.24, 0.5.25, 0.5.26, 0.5.27, 0.5.28, 0.5.29, 0.5.30, 0.5.31, 0.5.32, 0.5.33, 0.5.34, 0.5.35, 0.5.36, 0.5.37, 0.5.38, 0.5.39, 0.5.40, 0.5.41, 0.5.42, 0.5.43, 0.5.44, 0.5.45, 0.5.46, 0.5.47, 0.5.48, 0.5.49, 0.5.50, 0.5.51, 0.5.52, 0.5.53, 0.5.54, 0.5.55, 0.5.56, 0.5.57, 0.5.58, 0.5.59, 0.5.60, 0.5.61, 0.5.62, 0.5.63, 0.5.64, 0.5.65, 0.5.66, 0.5.67, 0.5.69, 0.5.70, 0.5.71, 0.5.72, 0.5.73, 0.5.74, 0.5.75, 0.5.76, 0.5.77, 0.5.78, 0.5.79, 0.5.80, 0.5.81, 0.5.82, 0.5.83, 0.5.84, 0.5.85, 0.5.86, 0.5.87, 0.5.88, 0.5.89, 0.5.90, 0.5.91, 0.5.92, 0.5.93, 0.5.94, 0.5.95, 0.5.96, 0.5.97, 0.5.98, 0.5.99, 0.5.100, 0.5.101, 0.5.102, 0.5.103, 0.5.104, 0.5.105, 0.5.106, 0.5.107, 0.5.108, 0.5.109, 0.5.110, 0.5.111, 0.5.112, 0.5.113, 0.5.114, 0.5.115, 0.5.116, 0.5.117, 0.5.118, 0.5.119, 0.5.120, 0.5.121, 0.5.122, 0.5.123, 0.5.124, 0.5.125, 0.5.126, 0.5.127, 0.5.128, 0.5.129, 0.5.130, 0.5.131, 0.5.133, 0.5.134, 0.5.135, 0.5.136, 0.5.137, 0.5.138, 0.5.139, 0.5.140, 0.5.141, 0.5.142, 0.5.143, 0.5.144, 0.5.145, 0.5.146, 0.5.147, 0.5.148, 0.5.149, 0.5.150, 0.5.151, 0.5.152, 0.5.153, 0.5.155, 0.5.156, 0.5.157, 0.5.158, 0.5.159, 0.5.160, 0.5.161, 0.5.162, 0.5.163, 0.5.164, 0.5.165, 0.5.166, 0.5.167, 0.5.168, 0.5.169, 0.5.170, 0.5.171, 0.5.172, 0.5.174, 0.5.175, 0.5.176, 0.5.177, 0.5.178, 0.5.179, 0.5.181, 0.5.182, 0.5.183, 0.5.184, 0.5.185, 0.5.186, 0.5.187, 0.5.188, 0.5.189, 0.5.190, 0.5.191, 0.5.192, 0.5.193, 0.5.194, 0.5.195, 0.5.196, 0.5.197, 0.5.198, 0.5.199, 0.5.200, 0.5.201, 0.5.202, 0.5.203, 0.5.204, 0.5.205, 0.5.206, 0.5.207, 0.5.208, 0.5.209, 0.5.210, 0.5.211, 0.5.212, 0.5.213, 0.5.214, 0.5.215, 0.5.216, 0.5.217, 0.5.218, 0.5.219, 0.5.220, 0.5.221, 0.5.222, 0.5.223, 
0.5.224, 0.5.225, 0.5.226, 0.5.227, 0.5.228, 0.5.229, 0.5.230, 0.5.231, 0.5.232, 0.5.233, 0.5.234, 0.5.235, 0.5.236, 0.5.237, 0.5.238, 0.5.239, 0.5.240, 0.5.241, 0.5.242, 0.5.243, 0.5.244, 0.5.245, 0.5.246, 0.5.247, 0.5.248, 0.5.249, 0.5.250, 0.5.251, 0.5.252, 0.5.253, 0.5.254, 0.5.255, 0.5.256, 0.5.257, 0.5.258, 0.5.259, 0.5.260, 0.5.261, 0.5.262, 0.5.263, 0.5.264, 0.5.265, 0.5.266, 0.5.267, 0.5.268, 0.5.269, 0.5.270, 0.5.271, 0.5.272, 0.5.273, 0.5.274, 0.5.275, 0.5.276, 0.5.277, 0.5.278, 0.5.279, 0.5.280, 0.5.281, 0.5.282, 0.5.283, 0.5.284, 0.5.285, 0.5.286, 0.5.287, 0.5.288, 0.5.289, 0.5.290, 0.5.291, 0.5.292, 0.5.293, 0.5.294, 0.5.295, 0.5.296, 0.5.297, 0.5.298, 0.5.299, 0.5.300, 0.5.301, 0.5.302, 0.5.303, 0.5.304, 0.5.305, 0.5.306, 0.5.307, 0.5.308, 0.5.309, 0.5.310, 0.5.311, 0.5.312, 0.5.313, 0.5.314, 0.5.315, 0.5.316, 0.5.317, 0.5.318, 0.5.319, 0.5.320, 0.5.321, 0.5.322, 0.5.323, 0.5.324, 0.5.325, 0.5.326, 0.5.327, 0.5.328, 0.5.329, 0.5.330, 0.5.331, 0.5.332, 0.5.333, 0.5.334, 0.5.335, 0.5.336, 0.5.337, 0.5.338, 0.5.339, 0.5.340, 0.5.341, 0.5.342, 0.5.343, 0.5.344, 0.5.345, 0.5.346, 0.5.347, 0.5.348, 0.5.349, 0.5.350, 0.5.351, 0.5.352, 0.5.353, 0.5.354, 0.5.355, 0.5.356, 0.5.357, 0.5.358, 0.5.359, 0.5.360, 0.5.361, 0.5.362, 0.5.363, 0.5.364, 0.5.367, 0.5.368, 0.5.369, 0.5.370, 0.5.371, 0.5.372, 0.5.373, 0.5.374, 0.5.375, 0.5.376, 0.5.377, 0.5.378, 0.5.379, 0.5.380, 0.5.381, 0.5.382, 0.5.383, 0.5.384, 0.5.385, 0.5.386, 0.5.387, 0.5.388, 0.5.389, 0.5.390, 0.5.391, 0.5.392, 0.5.393, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.9.2, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.13.2, 2.14.0, 2.14.1, 2.14.2, 2.15.0, 2.15.1, 2.15.2, 2.16.0, 2.16.1, 2.17.0, 2.17.1, 2.17.2, 2.18.0, 2.18.1, 2.18.2, 2.19.0, 2.19.1, 2.20.0, 2.20.1, 2.20.2, 2.20.3, 2.21.0, 2.22.0, 2.22.1, 2.23.0, 2.23.1, 2.23.2, 
2.24.0, 2.25.0, 2.25.1, 2.26.0, 2.26.1, 2.27.0, 2.27.1, 2.28.0, 2.29.0, 2.29.1, 2.29.2, 2.30.0, 2.31.0, 2.32.0, 2.33.0, 2.33.1, 2.34.0, 2.34.1, 2.34.2, 2.34.3, 2.35.0, 2.35.1, 2.36.0, 2.36.1, 2.36.2, 2.36.3, 2.37.0, 2.37.1, 2.37.2, 2.38.0, 2.39.0, 2.39.1, 2.39.2, 2.40.0, 2.41.0, 2.42.0, 2.42.1, 2.43.0, 2.44.0, 2.45.0, 2.46.0, 2.46.1, 2.47.0, 2.48.0, 2.49.0, 2.50.0, 2.51.0, 2.51.1, 2.52.0, 2.53.0, 2.54.0, 2.54.1, 2.54.2, 2.54.3, 2.55.0, 2.55.1, 2.55.2, 2.56.0, 2.57.0, 2.57.1, 2.57.2, 2.58.0, 2.59.0, 2.59.1, 2.60.0, 2.60.1, 2.60.2, 2.60.3, 2.60.4, 2.61.0, 2.62.0, 3.4.0, 3.4.1, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.1, 3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.13.0, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.16.0, 3.16.1, 3.17.0, 3.18.0, 3.18.1, 3.19.0, 3.20.0, 3.20.1, 3.21.0, 3.21.1, 3.22.0, 3.22.1, 3.23.0, 3.24.0, 3.25.0, 3.26.0, 3.26.1, 3.27.0, 3.28.0, 3.28.1, 3.29.0, 3.29.1, 3.30.0, 3.31.0, 3.32.0, 3.33.0, 3.34.0, 3.35.0, 3.36.0, 3.37.0, 3.38.0, 3.38.1, 3.39.0, 3.39.1, 3.39.2, 3.40.0, 3.40.1, 3.41.0, 3.41.1, 3.42.0, 3.43.0, 3.44.0, 3.45.0, 3.45.1, 3.46.0, 3.47.0, 3.48.0, 3.49.0, 3.50.0, 3.51.0, 3.51.1, 3.52.0, 3.53.0, 3.54.0, 3.55.0, 3.55.1, 3.56.0, 3.57.0, 3.58.0, 3.58.1, 3.59.0, 3.59.1, 3.60.0, 3.60.1, 3.61.0, 3.61.1, 3.62.0, 3.63.0, 3.63.1, 3.63.2, 3.63.3, 3.64.0, 4.0.0, 4.1.0, 4.1.1, 4.2.0, 4.2.1