CVE-2026-33889 | apostrophe up to 4.28.x launder.string Color cross site scripting (GHSA-97v6-998m-fp4g)

A vulnerability classified as problematic was found in apostrophe up to 4.28.x. Affected is the function launder.string. The manipulation of the argument Color results in cross site scripting.

This vulnerability is known as CVE-2026-33889. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More