2 matches found
Cross-site Scripting (XSS)
Overview: @directus/app is an App dashboard for Directus. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Block Editor interface when users with upload files and edit item permissions inject malicious JavaScript. An attacker can execute arbitrary scripts in the...
@bicou/directus-extension-imagga (=1.6.6), @deconz-community/directus-extension-ddf-store (=0.1.0) +7 more potentially affected by CVE-2025-24353 via @directus/app (>=10.0.0 <=13.3.0)
@directus/app NPM version =10.0.0, =10.0.0, =1.2.2, =10.0.0, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2025-24353 Source advisory: OSV:GHSA-PMF4-V838-29HG...