Lucene search
+L

692 matches found

cnnvd
cnnvd
added 2022/05/13 12:0 a.m.6 views

Strapi 跨站脚本漏洞

Strapi is an open source content management system CMS. Strapi suffers from a cross-site scripting vulnerability that stems from insufficient filtering of user-supplied data in the file upload function, which can be exploited by remote attackers to inject and execute arbitrary HTML and script cod...

4.8CVSS5.6AI score0.00712EPSS
Exploits0References6
jvn
jvn
added 2022/05/13 12:0 a.m.40 views

JVN#44550983: Strapi vulnerable to cross-site scripting

Strapi contains a stored cross-site scripting vulnerability CWE-79 in the file upload function. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. Solution Update the Software Update the software to the...

4.8CVSS4.8AI score0.00712EPSS
Exploits0
osv
osv
added 2022/05/04 12:0 a.m.64 views

GHSA-85VG-GRR5-PW42 Insecure password handling vulnerability in Strapi

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...

7.5CVSS5.9AI score0.02786EPSS
Exploits3References6
vulnersosv
vulnersosv
added 2022/05/04 12:0 a.m.4 views

@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2021-46440 via strapi (>=2.0.2 <=3.6.8)

strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2021-46440 Source advisory: OSV:GHSA-85VG-GRR5-PW42...

7.5CVSS7.1AI score0.02786EPSS
Exploits3
vulnersosv
vulnersosv
added 2022/05/04 12:0 a.m.8 views

@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +50 more potentially affected by CVE-2021-46440 via @strapi/strapi (>=4.0.2 <=4.1.2)

@strapi/strapi NPM version =4.0.2, =4.12.2, =1.0.9, =1.0.0-alpha.2, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.0.8, =1.0.81 and more Source cves: CVE-2021-46440 Source advisory: OSV:GHSA-85VG-GRR5-PW42...

7.5CVSS7.1AI score0.02786EPSS
Exploits3
github
github
added 2022/05/04 12:0 a.m.32 views

Insecure password handling vulnerability in Strapi

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...

7.5CVSS2.2AI score0.02786EPSS
Exploits3References6Affected Software2
attackerkb
attackerkb
added 2022/05/03 6:15 p.m.6 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.5CVSS7.2AI score0.02786EPSS
Exploits3References5
osv
osv
added 2022/05/03 6:15 p.m.19 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.5CVSS7.5AI score
Exploits0References4
prion
prion
added 2022/05/03 6:15 p.m.23 views

Format string

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

5CVSS7.4AI score0.02786EPSS
Exploits3References4Affected Software1
cve
cve
added 2022/05/03 5:3 p.m.1351 views

CVE-2021-46440

The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...

7.5CVSS7.3AI score0.02786EPSS
Exploits3References4Affected Software1
cvelist
cvelist
added 2022/05/03 5:3 p.m.43 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.6AI score0.02786EPSS
Exploits3References4
zdt
zdt
added 2022/05/03 12:0 a.m.239 views

Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities

Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...

7.5CVSS0.1AI score0.02786EPSS
Exploits3
packetstorm
packetstorm
added 2022/05/02 12:0 a.m.525 views

Strapi 3.6.8 Password Disclosure / Insecure Handling

Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...

7.6AI score0.02786EPSS
Exploits3
cnnvd
cnnvd
added 2022/05/02 12:0 a.m.5 views

Strapi 安全漏洞

Strapi is an open source headless content management system CMS. A security vulnerability exists in Strapi that stems from the storage of passwords in a recoverable format in the DOCUMENTATION plug-in component. An attacker could use this vulnerability to access a victim's HTTP request, obtain th...

7.5CVSS7.2AI score0.02786EPSS
Exploits3References6
vulnersosv
vulnersosv
added 2022/04/13 12:0 a.m.5 views

@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2022-27263 via strapi (>=2.0.2 <=3.6.8)

strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2022-27263 Source advisory: OSV:GHSA-9QGM-W87Q-HX89...

9.8CVSS7.2AI score0.03018EPSS
Exploits1
osv
osv
added 2022/04/13 12:0 a.m.21 views

GHSA-9QGM-W87Q-HX89 Unrestricted Upload of File with Dangerous Type in Strapi

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS9.6AI score0.03018EPSS
Exploits1References3
github
github
added 2022/04/13 12:0 a.m.104 views

Unrestricted Upload of File with Dangerous Type in Strapi

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS7AI score0.03018EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2022/04/12 5:15 p.m.28 views

CVE-2022-27263

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS0.03018EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/04/12 5:15 p.m.5 views

CVE-2022-27263

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS6.2AI score0.03018EPSS
Exploits1References3
cve
cve
added 2022/04/12 4:29 p.m.102 views

CVE-2022-27263

CVE-2022-27263 describes an arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 that allows an attacker to execute arbitrary code via a crafted file. The CVE is corroborated by multiple connected records (e.g., Red Hat, OSV, GHSA, NVD) with the same description. The und...

9.8CVSS9.5AI score0.03018EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder