Stored XSS Vulnerability in Apostrophe CMS Versions 2.63.0 to 3.3.1 via Malicious SVG Upload

CVE-2021-25978 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Apostrophe CMS versions 2.63.0 to 3.3.1 are vulnerable to stored XSS: an editor can upload an SVG file containing malicious JavaScript to the Images module, and the script executes once the file is viewed.
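
A defensive upload check for the issue described above, as an added example that is not Apostrophe's code or its fix: a heuristic text scan that flags script-capable constructs in an SVG before it is stored. The function names, rule names and sample files are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan of an uploaded SVG for script-capable content.
// All names and samples here are hypothetical, not taken from Apostrophe.

const toChar = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');

// Decode numeric character references so "&#106;avascript:" reads "javascript:".
function decodeNumericRefs(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => toChar(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => toChar(parseInt(d, 10)));
}

const RULES = [
  ['script-element', /<\s*(?:[\w.-]+:)?script[\s>\/]/i],
  ['event-handler', /[\s"'\/]on[a-z]+\s*=/i],
  ['javascript-uri', /href\s*=\s*["']?\s*javascript:/i],
  ['foreign-object', /<\s*(?:[\w.-]+:)?foreignObject[\s>\/]/i],
  // Entity declarations can hide any of the above from a text scan: flag them.
  ['entity-declaration', /<!ENTITY/i],
];

// Returns the names of the rules that matched; an empty array means no match.
function findActiveSvgContent(svgText) {
  const decoded = decodeNumericRefs(svgText);
  // Browsers ignore tab/CR/LF inside a URL scheme, so drop them for the URI rule.
  const compact = decoded.replace(/[\t\r\n]/g, '');
  return RULES
    .filter(([name, re]) => re.test(name === 'javascript-uri' ? compact : decoded))
    .map(([name]) => name);
}

// Constructed sample uploads (not from any real incident).
const NS = 'xmlns="http://www.w3.org/2000/svg"';
const SAMPLES = {
  clean: `<svg ${NS} viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>`,
  script: `<svg ${NS}><script>alert(document.domain)</script></svg>`,
  handler: `<svg ${NS} onload="alert(1)"/>`,
  encodedUri: `<svg ${NS}><a href="java&#x09;script:alert(1)"><text>x</text></a></svg>`,
};

for (const [name, svg] of Object.entries(SAMPLES)) {
  const hits = findActiveSvgContent(svg);
  console.log(name, hits.length ? `REJECT (${hits.join(', ')})` : 'accept');
}
```

An empty result means only that none of these patterns matched; parsing and sanitising the SVG, or serving uploads with `Content-Disposition: attachment`, are stronger controls.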
