Description
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.
Remediation
References
https://github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59
Related Vulnerabilities
CVE-2021-40331 Vulnerability in maven package org.apache.ranger:ranger-hive-plugin
CVE-2020-15366 Vulnerability in maven package org.webjars.bowergithub.epoberezkin:ajv
CVE-2021-28165 Vulnerability in maven package org.eclipse.jetty:jetty-io
CVE-2022-36921 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2020-10683 Vulnerability in maven package org.dom4j:dom4j