Jan 14, 2022 - 12:00 a.m.

Directus Cross-Site Scripting Vulnerability (CNVD-2022-08389)

2022-01-14 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
4

EPSS: 0.001 (Low)

Percentile: 21.5%

Directus is a real-time API and application dashboard used to manage SQL database content. Directus suffers from a cross-site scripting vulnerability: the media upload feature places no restriction on uploading .html files. A low-privilege attacker could exploit the vulnerability to upload a crafted HTML file as a configuration file, and when an administrator or other user opens it, the XSS payload is triggered.
