Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:26 a.m.5 views

CVE-2024-6533

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...

5.4CVSS6.6AI score0.00358EPSS
Exploits1References1
OSV
OSV
added 2024/08/15 6:32 a.m.5 views

GHSA-Q83V-HQ3J-4PQ3 Duplicate Advisory: Improper access control in Directus

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3fff-gqw3-vj86. This link is maintained to preserve external references. Original Description Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them...

5.3CVSS5.8AI score0.00326EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/15 6:32 a.m.22 views

Duplicate Advisory: Improper access control in Directus

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3fff-gqw3-vj86. This link is maintained to preserve external references. Original Description Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them...

4.4AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/08/15 3:4 a.m.13 views

CVE-2024-6533 Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...

5.4CVSS6.2AI score0.00358EPSS
Exploits1References4
Rows per page
Query Builder