Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2025/11/14 9:45 p.m.9 views

Directus is Vulnerable to Stored Cross-site Scripting

Summary A stored cross-site scripting XSS vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy CSP restrictions by combining file uploads with iframe srcdo...

5.5CVSS5.8AI score0.00241EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/11/13 9:13 p.m.21 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS0.00241EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/13 9:13 p.m.3 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS5.5AI score0.00241EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.11 views

PT-2025-46912

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS issue exists that allows users with upload files and edit item permissions to...

5.5CVSS5.6AI score0.00241EPSS
Exploits1References11
Rows per page
Query Builder