Lucene search
PRIOn knowledge basePRION:CVE-2022-22117HistoryJan 10, 2022 - 4:15 p.m.
Unrestricted file upload
2022-01-1016:15:00
PRIOn knowledge base
www.prio-n.com
1
0.001 Low
EPSS
Percentile
21.5%
In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered.
Related
cve
cve
CVE-2022-22117
2022-01-10 16:15:10
osv
osv
CVE-2022-22117
2022-01-10 16:15:10
nvd
nvd
CVE-2022-22117
2022-01-10 16:15:10
cvelist
cvelist
cnvd
cnvd
Directus Cross-Site Scripting Vulnerability (CNVD-2022-08389)
2022-01-14 00:00:00