to break out of the intended HTML contex\n\nCVSSv3.1 8.7 (HIGH) · EPSS 10th percentile","commentary":"Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description), where user-controlled input is rendered without proper output encoding into HTML contexts including tags, <meta> attributes, and JSON-LD structured data. An attacker can inject a payload such as \"> to break out of the intended HTML context and execute arbitrary JavaScript in the browser of any authenticated user who views the affected page.","cves":["CVE-2026-35569"],"tags":["type:vulnerability","cwe:CWE-79","cwe:CWE-116","vendor:apostrophecms"],"likes_count":0},"tagCategories":{"vendor":{"label":"Vendor","short":"VND","hue":210},"os":{"label":"OS","short":"OS","hue":30},"software":{"label":"Software","short":"SW","hue":290},"type":{"label":"Type","short":"TYP","hue":340},"stage":{"label":"Kill Chain","short":"STG","hue":38},"tactic":{"label":"MITRE Tactic","short":"TAC","hue":268},"technique":{"label":"Technique","short":"TEC","hue":150},"surface":{"label":"Surface","short":"SRF","hue":188},"exploit":{"label":"Exploitation","short":"EXP","hue":18},"status":{"label":"Status","short":"STA","hue":0},"cwe":{"label":"CWE","short":"CWE","hue":54}},"stageLabels":{"recon":"Recon","initial-access":"Initial Access","execution":"Execution","persistence":"Persistence","privesc":"PrivEsc","defense-evasion":"Defense Evasion","cred-access":"Credential Access","discovery":"Discovery","lat-movement":"Lateral Movement","collection":"Collection","c2":"Command & Control","exfil":"Exfiltration","impact":"Impact"},"tacticLabels":{"TA0043":"Reconnaissance","TA0042":"Resource Development","TA0001":"Initial Access","TA0002":"Execution","TA0003":"Persistence","TA0004":"Privilege Escalation","TA0005":"Defense Evasion","TA0006":"Credential Access","TA0007":"Discovery","TA0008":"Lateral Movement","TA0009":"Collection","TA0011":"Command and Control","TA0010":"Exfiltration","TA0040":"Impact"},"refs":[{"cve":"CVE-2026-35569","url":"https://github.com/Chittu13/Chittu13","kind":"poc","title":"Chittu13/Chittu13","description":null,"language":null,"stars":1,"pushed_at":1781516890000,"source":"github"}],"user_tag_ids":[]};