3 matches found
CVE-2023-27474 HTML Injection in Password Reset email to custom Reset URL in directus
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain...
CVE-2023-27474
Directus (real‑time API and App dashboard for SQL content) has a HTML injection vulnerability in reset URLs when an allow‑listed reset URL is used. The issue arises from query parameters in the reset URL, enabling an attacker to craft emails directing users to the server domain that may include m...
CVE-2023-27474 HTML Injection in Password Reset email to custom Reset URL in directus
Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain...