pkg:npm/apostrophe

11 CVEs in total: CRITICAL 1, HIGH 5, MEDIUM 4, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 | CVE-2021-25979 | Apostrophe CMS Insufficient Session Expiration vulnerability
    >= 2.63.0, < 3.4.0
  • HIGH 8.7 | CVE-2026-35569 | Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
    from 0, < 4.29.0
  • HIGH 8.1 | CVE-2026-45013 | Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation
    from 0, <= 4.29.0
  • HIGH 8.1 | CVE-2026-32730 | ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
    from 0, < 4.28.0
  • HIGH 7.6 | CVE-2026-45012 | Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
    from 0, <= 4.29.0
  • HIGH 7.3 | CVE-2026-45011 | Apostrophe has stored XSS via javascript: URL in Image Widget Link
  • MEDIUM 5.4 | CVE-2026-33889 | ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context
    from 0, < 4.29.0
  • MEDIUM 5.4 | CVE-2021-25978 | Cross-site Scripting in apostrophe
    >= 2.63.0, < 3.4.0
  • MEDIUM 5.3 | CVE-2026-39857 | ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
    from 0, < 4.29.0
  • MEDIUM 5.3 | CVE-2026-33888 | ApostropheCMS: publicApiProjection Bypass via project Query Builder in Piece-Type REST API
    from 0, < 4.29.0
  • LOW 3.7 | CVE-2026-33877 | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
    from 0, < 4.29.0