692 matches found
Strapi 跨站脚本漏洞
Strapi is an open source content management system CMS. Strapi suffers from a cross-site scripting vulnerability that stems from insufficient filtering of user-supplied data in the file upload function, which can be exploited by remote attackers to inject and execute arbitrary HTML and script cod...
JVN#44550983: Strapi vulnerable to cross-site scripting
Strapi contains a stored cross-site scripting vulnerability CWE-79 in the file upload function. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. Solution Update the Software Update the software to the...
GHSA-85VG-GRR5-PW42 Insecure password handling vulnerability in Strapi
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...
@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2021-46440 via strapi (>=2.0.2 <=3.6.8)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2021-46440 Source advisory: OSV:GHSA-85VG-GRR5-PW42...
@beardeddudes/strapi-types (=0.1.0), @bimbeo160/admin (=4.12.2) +50 more potentially affected by CVE-2021-46440 via @strapi/strapi (>=4.0.2 <=4.1.2)
@strapi/strapi NPM version =4.0.2, =4.12.2, =1.0.9, =1.0.0-alpha.2, =1.1.0, =4.12.4-lakileki.1, =3.5.2, =1.0.1, =1.0.8, =1.0.81 and more Source cves: CVE-2021-46440 Source advisory: OSV:GHSA-85VG-GRR5-PW42...
Insecure password handling vulnerability in Strapi
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...
CVE-2021-46440
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...
CVE-2021-46440
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...
Format string
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...
CVE-2021-46440
The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...
CVE-2021-46440
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
Strapi 安全漏洞
Strapi is an open source headless content management system CMS. A security vulnerability exists in Strapi that stems from the storage of passwords in a recoverable format in the DOCUMENTATION plug-in component. An attacker could use this vulnerability to access a victim's HTTP request, obtain th...
@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2022-27263 via strapi (>=2.0.2 <=3.6.8)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2022-27263 Source advisory: OSV:GHSA-9QGM-W87Q-HX89...
GHSA-9QGM-W87Q-HX89 Unrestricted Upload of File with Dangerous Type in Strapi
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...
Unrestricted Upload of File with Dangerous Type in Strapi
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-27263
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-27263
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-27263
CVE-2022-27263 describes an arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 that allows an attacker to execute arbitrary code via a crafted file. The CVE is corroborated by multiple connected records (e.g., Red Hat, OSV, GHSA, NVD) with the same description. The und...