3 matches found
CVE-2022-24814
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript JS can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script ta...
CVE-2022-24814
Directus XSS in Rich Text HTML interface: prior to v9.7.0, an iframe that links to an uploaded HTML file can load a second uploaded JS file, bypassing CSP and allowing arbitrary JS execution. Root cause: unsafe handling of embedded JS via WYSIWYG content. Impact: unauthorized JS execution within ...
CVE-2022-24814 Cross-site Scripting in Directus
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript JS can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script ta...