2 matches found
GHSA-R6WX-627V-GH2F Directus has an HTML Injection in Comment
Summary: The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter runs only on the client side and can be bypassed, making the application vulnerable to HTML Injection. Details: The Comment feature implements a...
PT-2024-36058 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.13.4; Directus versions prior to 11.2.0. Description: The Comment feature in Directus has a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the...