Directus is a live Api and application dashboard. Used to manage Sql database content, Directus suffers from a cross-site scripting vulnerability that allows unrestricted uploading of .html files in the media upload function, which can be exploited by low-privilege attackers to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
Directus Directus >=9.0.0-alpha.4, | le | 9.4.1 |