ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available.
History

Mon, 15 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Apostrophecms
Apostrophecms apostrophecms
Vendors & Products Apostrophecms
Apostrophecms apostrophecms

Fri, 12 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version tooltip. As of time of publication, no known patched versions are available.
Title Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-12T20:48:32.921Z

Updated: 2026-06-15T17:55:54.492Z

Reserved: 2026-05-08T16:58:28.895Z

Link: CVE-2026-45014

cve-icon Vulnrichment

Updated: 2026-06-15T17:55:50.139Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T21:16:22.990

Modified: 2026-06-15T20:54:05.470

Link: CVE-2026-45014

cve-icon Redhat

No data.