3 matches found
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
PT-2022-21097
Name of the Vulnerable Software and Affected Versions Strapi version 4.1.12 Description An unrestricted file upload vulnerability in the Add New Assets function allows attackers to conduct XSS attacks via a crafted PDF file. The project documentation suggests that a user with the Media Library...