836 matches found
CVE-2023-27474
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs to the server's domain...
Input validation
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs to the server's domain...
CVE-2023-27474 HTML Injection in Password Reset email to custom Reset URL in directus
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs to the server's domain...
CVE-2023-27474
Directus (real-time API and App dashboard for SQL content) has an HTML injection vulnerability in reset URLs when an allow-listed reset URL is used. The issue arises from query parameters in the reset URL, enabling an attacker to craft emails directing users to the server domain that may include m...
PT-2023-21151 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query...
Directus cross-site scripting vulnerability
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus versions prior to 9.23.0 that stems from vulnerability to HTML injection attacks...
GHSA-J3RG-3RGM-537H Directus vulnerable to Server-Side Request Forgery On File Import
Summary: Directus versions <=9.22.4 are vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls that were implemented to patch vulnerability CVE-2022-23080 by performing a DNS rebinding attack a...
Directus vulnerable to Server-Side Request Forgery On File Import
Summary: Directus versions <=9.22.4 are vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls that were implemented to patch vulnerability CVE-2022-23080 by performing a DNS rebinding attack a...
CVE-2023-26492
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls by performing a DNS rebinding attack and...
Server-side request forgery (SSRF)
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls by performing a DNS rebinding attack and...
CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls by performing a DNS rebinding attack and...
CVE-2023-26492
Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import), exploitable via DNS rebinding to bypass IP deny lists and access sensitive internal data. Affected versions include Directus prior to 9.23.0 (e.g.,
Directus code issue vulnerability
Directus is a real-time API and application dashboard. It is used to manage SQL database content. A code issue vulnerability exists in Directus versions prior to 9.23.0 that stems from the presence of a server-side request forgery (SSRF) vulnerability, which can be exploited by an attacker to acces...
PT-2023-20682 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.23.0 Description: Directus is a real-time API and App dashboard for managing SQL database content. It is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server via a POST...
CVE-2022-26969
In Directus before 9.7.0, the default settings of CORSORIGIN and CORSENABLED are true...