Lucene search
+L

692 matches found

NVD
NVD
added 2022/05/19 6:15 p.m.23 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

7.5CVSS0.00922EPSS
Exploits0References1
NVD
NVD
added 2022/05/19 6:15 p.m.22 views

CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

9CVSS0.01409EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/19 6:15 p.m.3 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

7.5CVSS7.1AI score0.00922EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/05/19 6:15 p.m.22 views

Design/Logic Flaw

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

9CVSS8.5AI score0.01409EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/05/19 6:15 p.m.23 views

Design/Logic Flaw

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

6CVSS7.4AI score0.00922EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/05/19 5:8 p.m.536 views

CVE-2022-30618

The CVE-2022-30618 entry describes a vulnerability in Strapi where an authenticated user with access to the Strapi admin panel can view private data (e.g., email, password reset tokens) of API users when content types have relationships to API users (from: users-permissions). The leak occurs in J...

7.5CVSS7.5AI score0.00922EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/19 5:8 p.m.15 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

7.5CVSS6.6AI score0.00922EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/19 5:8 p.m.32 views

CVE-2022-30618

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users from:users-permissions. There are many scenarios in whic...

7.7AI score0.00922EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/05/19 5:7 p.m.30 views

CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

8.8AI score0.01409EPSS
Exploits0References1
CVE
CVE
added 2022/05/19 5:7 p.m.556 views

CVE-2022-30617

The CVE-2022-30617 issue affects Strapi where an authenticated admin-panel user can read private data (e.g., emails, password reset tokens) for other admin users via related content in the JSON response. This leakage occurs across relationships (e.g., content created/updated by another user) and ...

9CVSS8.5AI score0.01409EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/19 5:7 p.m.14 views

CVE-2022-30617

An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship e.g., created by, updated by with content accessible to the authenticated user. For example, a...

9CVSS6.5AI score0.01409EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.3 views

Strapi 安全漏洞

Strapi is an open source content management system CMS. A security vulnerability in Strapi version 3.0 prior to version 3.6.9 and version 4.0 prior to version 4.0.0-beta.15 arises from a vulnerability in which an authenticated user with access to the Strapi admin panel can view private and...

9CVSS7.8AI score0.01409EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.4 views

Strapi 安全漏洞

Strapi is an open source content management system CMS. A security vulnerability exists in Strapi versions 3.0 prior to 3.6.9 and 4.0 prior to 4.1.9, which stems from the fact that details from API users may be leaked into JSON responses in the admin panel through a direct or indirect relationshi...

7.5CVSS7.2AI score0.00922EPSS
Exploits0References3
CNVD
CNVD
added 2022/05/17 12:0 a.m.108 views

Strapi Cross-Site Scripting Vulnerability (CNVD-2022-47471)

Strapi is an open source content management system CMS. Strapi suffers from a cross-site scripting vulnerability that stems from insufficient filtering of user-supplied data in the file upload function, which can be exploited by remote attackers to inject and execute arbitrary HTML and script cod...

4.8CVSS3.9AI score0.00712EPSS
Exploits0References1
OSV
OSV
added 2022/05/16 2:15 p.m.1 views

DEBIAN-CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8CVSS8.8AI score0.0341EPSS
Exploits2References1
NVD
NVD
added 2022/05/16 2:15 p.m.12 views

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8CVSS0.0341EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2022/05/16 2:15 p.m.2 views

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8CVSS6.2AI score0.0341EPSS
Exploits2References7
OSV
OSV
added 2022/05/16 2:15 p.m.5 views

UBUNTU-CVE-2022-29622

DISPUTED An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8CVSS7.6AI score0.0341EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2022/05/16 12:0 a.m.48 views

CVE-2022-29622

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are...

9.8CVSS9.3AI score0.0341EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/13 7:45 a.m.3 views

Strapi vulnerable to cross-site scripting

Overview Strapi contains a stored cross-site scripting vulnerability CWE-79 in the file upload function. Yuta Morioka of Information Science College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitra...

5.4CVSS5.9AI score0.00712EPSS
Exploits0References6
Rows per page
Query Builder