Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:26 a.m.5 views

CVE-2024-6533

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...

5.4CVSS6.6AI score0.00358EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:26 a.m.6 views

CVE-2024-6534

Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with...

5.4CVSS6.1AI score0.00358EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/08/27 7:54 p.m.30 views

Directus has an insecure object reference via PATH presets

Impact Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the POST /presets request but not in the PATCH request. When chained with...

4.3CVSS4.5AI score0.00326EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/08/15 3:10 a.m.76 views

CVE-2024-6534

CVE-2024-6534 affects Directus v10.13.0. An authenticated external attacker can modify presets created by the same user to assign them to another user due to insufficient validation of the user parameter in PATCH /presets (only POST /presets is validated). This vulnerability, when chained with CV...

4.3CVSS4.2AI score0.00326EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/15 3:4 a.m.16 views

CVE-2024-6533 Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...

5.4CVSS0.00358EPSS
Exploits1References2
CVE
CVE
added 2024/08/15 3:4 a.m.66 views

CVE-2024-6533

Directus 10.13.0 is affected by a DOM-based XSS flaw where an authenticated attacker can inject and store an attacker-controlled value that is rendered into an unsanitized DOM element on the client. The issue stems from how a parameter is stored on the server and later used by the client, enablin...

5.4CVSS4.8AI score0.00358EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder