4 matches found
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
Unrestricted file upload
DISPUTED An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to uploa...
CVE-2022-32114
An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...
CVE-2022-32114
CVE-2022-32114 describes an unrestricted file upload in Strapi 4.1.12 via the Add New Assets function, enabling an attacker to cause XSS by uploading a crafted PDF. The notes indicate that media upload permissions and public assets exposure can influence risk, with potential to upload PDFs contai...