Lucene search
+L

692 matches found

OSV
OSV
added 2022/06/14 12:0 a.m.2 views

GHSA-MCQM-6FF4-53QX Cross-site Scripting in Strapi

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...

4.8CVSS5.9AI score0.00712EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/06/14 12:0 a.m.32 views

Cross-site Scripting in Strapi

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...

4.8CVSS5.1AI score0.00712EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/06/13 5:15 a.m.11 views

CVE-2022-29894

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...

4.8CVSS0.00712EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/13 5:15 a.m.4 views

CVE-2022-29894

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...

4.8CVSS6AI score0.00712EPSS
Exploits0References4
Prion
Prion
added 2022/06/13 5:15 a.m.19 views

Cross site scripting

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...

3.5CVSS4.9AI score0.00712EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/06/13 4:50 a.m.482 views

CVE-2022-29894

CVE-2022-29894 affects Strapi v3.x.x and earlier, with a stored cross-site scripting vulnerability in the file upload function that can cause an arbitrary script to execute in the browser of a user logging in with administrative privileges. The issue is consistently described across multiple sour...

4.8CVSS4.9AI score0.00712EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/06/13 4:50 a.m.19 views

CVE-2022-29894

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...

5.2AI score0.00712EPSS
Exploits0References3
OSV
OSV
added 2022/06/13 4:50 a.m.16 views

CVE-2022-29894

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...

4.8CVSS6.1AI score0.00712EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/05/24 5:21 p.m.10 views

@depup/strapi (=2.0.2-depup.0), @symbol-it/strapi-plugin-mailjet (>=0.0.1 <=0.0.2) +8 more potentially affected by CVE-2020-13961 via strapi (>=2.0.2 <=3.0.0)

strapi NPM version =2.0.2, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2020-13961 Source advisory: OSV:GHSA-65WV-528R-M892...

6.5CVSS6.6AI score0.01666EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.20 views

Improper Input Validation in strapi

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both...

6.5CVSS3.6AI score0.01666EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:21 p.m.30 views

GHSA-65WV-528R-M892 Improper Input Validation in strapi

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both...

6.5CVSS6.4AI score0.01666EPSS
Exploits0References5
Veracode
Veracode
added 2022/05/20 6:19 a.m.36 views

Information Disclosure

strapi is vulnerable to information disclosure. A remote authenticated attacker with access to the Strapi admin panel is able to gain access to private and sensitive data, such as email and password reset tokens and compromise other users’ accounts by successfully invoking the password reset...

8.8CVSS8.2AI score0.01409EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/20 12:0 a.m.14 views

GHSA-F6FM-R26Q-P747 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

8.8CVSS6AI score0.01409EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/05/20 12:0 a.m.5 views

@jayway/tds (=0.0.1), @koj/strapi (>=0.0.0 <=1.4.3) +17 more potentially affected by CVE-2022-30618 via strapi (>=3.0.0 <=3.6.8)

strapi NPM version =3.0.0, =0.0.0, =0.0.1, =1.1.0, =1.0.0, =3.6.1-0.1, =0.1.3, =3.0.0, =3.1.5 and more Source cves: CVE-2022-30618 Source advisory: OSV:GHSA-VGJ7-895J-GPR6...

7.5CVSS7.1AI score0.00922EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/20 12:0 a.m.7 views

@jayway/tds (=0.0.1), @koj/strapi (>=0.0.0 <=1.4.3) +17 more potentially affected by CVE-2022-30617 via strapi (>=3.0.0 <=3.6.8)

strapi NPM version =3.0.0, =0.0.0, =0.0.1, =1.1.0, =1.0.0, =3.6.1-0.1, =0.1.3, =3.0.0, =3.1.5 and more Source cves: CVE-2022-30617 Source advisory: OSV:GHSA-F6FM-R26Q-P747...

9CVSS7.2AI score0.01409EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/20 12:0 a.m.5 views

@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +52 more potentially affected by CVE-2022-30618 via @strapi/strapi (>=0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b <=4.1.8)

@strapi/strapi NPM version =0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.1.0 - @purnamasari/strapi-plugin-firebase-auth =1.0.11 and more Source cves: CVE-2022-30618 Source advisory: OSV:GHSA-VGJ7-895J-GPR6...

7.5CVSS7.1AI score0.00922EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/20 12:0 a.m.34 views

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

9CVSS8.3AI score0.01409EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2022/05/20 12:0 a.m.41 views

GHSA-VGJ7-895J-GPR6 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

7.5CVSS7AI score0.00922EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/20 12:0 a.m.23 views

Improper Removal of Sensitive Information Before Storage or Transfer in Strapi

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

7.5CVSS7.3AI score0.00922EPSS
Exploits0References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/05/19 6:15 p.m.3 views

CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

9CVSS7.3AI score0.01409EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder