4 matches found
CVE-2024-6534
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...
CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...
CVE-2024-6533
Directus 10.13.0 is affected by a DOM-based XSS flaw where an authenticated attacker can inject and store an attacker-controlled value that is rendered into an unsanitized DOM element on the client. The issue stems from how a parameter is stored on the server and later used by the client, enablin...
CVE-2022-41707
Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public...