CVE-2021-26540
MEDIUM
Apostrophe Technologies sanitize-html <2.3.2 - Open Redirect
Title source: llmDescription
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when "allowIframeRelativeUrls" is set to true, which allows attackers to bypass the hostname whitelist for the iframe element by using a src value that starts with "/\\example.com".
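The description above comes down to how a "relative" iframe src is classified before the hostname allowlist is consulted. The following is an added example, not sanitize-html's own code or its fix: a naive check treats anything starting with a single "/" as same-site, while resolving the value against the page origin first (WHATWG URL parsing treats "/\host" like "//host" for http(s)) exposes the real hostname. The allowlist entry, the page origin and the evil.example host are constructed values.

```javascript
// Added example (not sanitize-html's code): weak vs. hardened iframe src check.
// Constructed allowlist and page origin for the demonstration.
const ALLOWED_IFRAME_HOSTNAMES = ['www.youtube.com'];
const PAGE_ORIGIN = 'https://site.example';

// Weak check: a value that starts with one "/" (but not "//") is assumed to be
// a same-site relative path and skips the hostname allowlist entirely.
// "/\\evil.example" passes this test although browsers load evil.example.
function weakIsAllowed(src) {
  if (src.startsWith('/') && !src.startsWith('//')) return true;
  try {
    return ALLOWED_IFRAME_HOSTNAMES.includes(new URL(src).hostname);
  } catch {
    return false; // unparsable absolute URL
  }
}

// Hardened check: resolve the value against the page origin first, exactly as
// a browser would, and only then decide whether it is truly same-origin or
// whether its hostname is on the allowlist. Non-http(s) schemes are rejected.
function hardenedIsAllowed(src) {
  let url;
  try {
    url = new URL(src, PAGE_ORIGIN); // "/\\evil.example" -> https://evil.example/
  } catch {
    return false;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  if (url.origin === new URL(PAGE_ORIGIN).origin) return true; // relative URL
  return ALLOWED_IFRAME_HOSTNAMES.includes(url.hostname);
}

// Returns the host a browser would actually contact for a given src value.
function effectiveHostname(src) {
  return new URL(src, PAGE_ORIGIN).hostname;
}
```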
References (3)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26
Patch, Third Party Advisory x_refsource_misc
https://github.com/apostrophecms/sanitize-html/pull/460
Exploit, Patch, Third Party Advisory x_refsource_misc
https://advisory.checkmarx.net/advisory/CX-2021-4309
Scores
CVSS v3
5.3
EPSS
0.0029
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
Status
published
Products (2)
apostrophecms/sanitize-html
< 2.3.2
npm/sanitize-html
0 - 2.3.2 (npm)
Published
Feb 08, 2021
Tracked Since
Feb 18, 2026