A vulnerability was found in apostrophecms apostrophe up to 2.17.3 and classified as problematic . This impacts an unknown function of the component API . Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-44990 . The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.