692 matches found
GHSA-MCQM-6FF4-53QX Cross-site Scripting in Strapi
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...
Cross-site Scripting in Strapi
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...
CVE-2022-29894
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...
CVE-2022-29894
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...
Cross site scripting
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...
CVE-2022-29894
CVE-2022-29894 affects Strapi v3.x.x and earlier, with a stored cross-site scripting vulnerability in the file upload function that can cause an arbitrary script to execute in the browser of a user logging in with administrative privileges. The issue is consistently described across multiple sour...
CVE-2022-29894
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...
CVE-2022-29894
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege...
@depup/strapi (=2.0.2-depup.0), @symbol-it/strapi-plugin-mailjet (>=0.0.1 <=0.0.2) +8 more potentially affected by CVE-2020-13961 via strapi (>=2.0.2 <=3.0.0)
strapi NPM version =2.0.2, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2020-13961 Source advisory: OSV:GHSA-65WV-528R-M892...
Improper Input Validation in strapi
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both...
GHSA-65WV-528R-M892 Improper Input Validation in strapi
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both...
Information Disclosure
strapi is vulnerable to information disclosure. A remote authenticated attacker with access to the Strapi admin panel is able to gain access to private and sensitive data, such as email and password reset tokens and compromise other users’ accounts by successfully invoking the password reset...
GHSA-F6FM-R26Q-P747 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...
@jayway/tds (=0.0.1), @koj/strapi (>=0.0.0 <=1.4.3) +17 more potentially affected by CVE-2022-30618 via strapi (>=3.0.0 <=3.6.8)
strapi NPM version =3.0.0, =0.0.0, =0.0.1, =1.1.0, =1.0.0, =3.6.1-0.1, =0.1.3, =3.0.0, =3.1.5 and more Source cves: CVE-2022-30618 Source advisory: OSV:GHSA-VGJ7-895J-GPR6...
@jayway/tds (=0.0.1), @koj/strapi (>=0.0.0 <=1.4.3) +17 more potentially affected by CVE-2022-30617 via strapi (>=3.0.0 <=3.6.8)
strapi NPM version =3.0.0, =0.0.0, =0.0.1, =1.1.0, =1.0.0, =3.6.1-0.1, =0.1.3, =3.0.0, =3.1.5 and more Source cves: CVE-2022-30617 Source advisory: OSV:GHSA-F6FM-R26Q-P747...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +52 more potentially affected by CVE-2022-30618 via @strapi/strapi (>=0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b <=4.1.8)
@strapi/strapi NPM version =0.0.0-a3ff110fc401ef4fbd6cd90780bf87a83a2cb04b, =4.12.2, =1.0.9, =1.0.0-alpha.0, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.1.0 - @purnamasari/strapi-plugin-firebase-auth =1.0.11 and more Source cves: CVE-2022-30618 Source advisory: OSV:GHSA-VGJ7-895J-GPR6...
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...
GHSA-VGJ7-895J-GPR6 Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...
CVE-2022-30617
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...