836 matches found
Directus Cross-Site Scripting Vulnerability (CNVD-2022-08389)
Directus is a real-time API and application dashboard used to manage SQL database content. Directus suffers from a cross-site scripting vulnerability: the media upload function allows unrestricted uploading of .html files. A low-privileged...
Directus Cross-Site Scripting Vulnerability
Directus is a real-time API and application dashboard used to manage SQL database content. A cross-site scripting vulnerability exists in Directus that allows unrestricted uploads of .html files in the media upload feature and can be exploited by a low-privileged attacker to execute JavaScript code...
CVE-2022-22117
Directus versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to a Cross-Site Scripting vulnerability. A low-privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user ope...
CVE-2022-22116
Directus versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which will be executed in a victim’s browser when they open the image...
CVE-2022-22116
Directus versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which will be executed in a victim’s browser when they open the image...
CVE-2022-22117
Directus versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to a Cross-Site Scripting vulnerability. A low-privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user ope...
Unrestricted file upload
Directus versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to a Cross-Site Scripting vulnerability. A low-privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user ope...
Cross site scripting
Directus versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which will be executed in a victim’s browser when they open the image...
CVE-2022-22117
Directus contains a Cross-Site Scripting vulnerability in its media upload flow (versions 9.0.0-alpha.4 through 9.4.1) where unrestricted HTML file uploads can be used as a profile avatar. A low-privilege attacker can upload a crafted HTML file, and when an admin or another user opens it, the XSS...
CVE-2022-22117 Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image
Directus versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to a Cross-Site Scripting vulnerability. A low-privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user ope...
CVE-2022-22116 Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload
Directus versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which will be executed in a victim’s browser when they open the image...
CVE-2022-22116
Directus Vulnerability: CVE-2022-22116 affects Directus versions 9.0.0-alpha.4 through 9.4.1 with a stored XSS via SVG file uploads in the media upload flow. Root cause: improper handling of SVG uploads allowing injection of arbitrary JavaScript, executed when a victim opens the image URL. Impact...
Directus Cross-Site Scripting Vulnerability
Directus is a real-time API and application dashboard used to manage SQL database content. A cross-site scripting vulnerability exists in Directus that allows unrestricted uploads of .html files in the media upload feature and can be exploited by a low-privileged attacker to execute JavaScript code...
Directus Cross-Site Scripting Vulnerability
Directus is a real-time API and application dashboard used to manage SQL database content. Directus suffers from a cross-site scripting vulnerability: the media upload function allows unrestricted uploading of .html files. A low-privileged...
CVE-2022-22117
Directus versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to a Cross-Site Scripting vulnerability. A low-privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user ope...
CVE-2022-22116
Directus versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which will be executed in a victim’s browser when they open the image...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
Design/Logic Flaw
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...