Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:26 a.m.6 views

CVE-2024-6534

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

5.4CVSS6.1AI score0.00358EPSS
Exploits1References1
Circl
Circl
added 2024/08/15 5:56 a.m.6 views

CVE-2024-6534

creationtimestamp| type| source ---|---|--- 2024-08-15 05:56:35+00:00| seen| https://t.me/cvedetector/3224 2024-08-15 06:46:45+00:00| seen| https://t.me/cvedetector/3228...

4.3CVSS4.8AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2024/08/15 4:15 a.m.30 views

CVE-2024-6534

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

4.3CVSS0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/15 3:10 a.m.16 views

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

4.3CVSS6.8AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/15 3:10 a.m.31 views

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

4.3CVSS0.00326EPSS
Exploits0References2
OSV
OSV
added 2024/08/15 3:10 a.m.13 views

CVE-2024-6534 Directus 10.13.0 - Insecure object reference via PATH presets

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

4.3CVSS5.9AI score0.00326EPSS
Exploits0References4
CVE
CVE
added 2024/08/15 3:10 a.m.76 views

CVE-2024-6534

CVE-2024-6534 affects Directus v10.13.0. An authenticated external attacker can modify presets created by the same user to assign them to another user due to insufficient validation of the user parameter in PATCH /presets (only POST /presets is validated). This vulnerability, when chained with CV...

4.3CVSS4.2AI score0.00326EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/08/15 3:4 a.m.66 views

CVE-2024-6533

Directus 10.13.0 is affected by a DOM-based XSS flaw where an authenticated attacker can inject and store an attacker-controlled value that is rendered into an unsanitized DOM element on the client. The issue stems from how a parameter is stored on the server and later used by the client, enablin...

5.4CVSS4.8AI score0.00358EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder