Lucene search
K

4 matches found

NVD
NVD
added 2022/07/13 9:15 p.m.36 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

8.8CVSS0.01578EPSS
Exploits1References6
Prion
Prion
added 2022/07/13 9:15 p.m.22 views

Unrestricted file upload

DISPUTED An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to uploa...

6.5CVSS8.1AI score0.01578EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2022/07/13 12:0 a.m.34 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

8.4AI score0.01578EPSS
Exploits1References6
CVE
CVE
added 2022/07/13 12:0 a.m.94 views

CVE-2022-32114

CVE-2022-32114 describes an unrestricted file upload in Strapi 4.1.12 via the Add New Assets function, enabling an attacker to cause XSS by uploading a crafted PDF. The notes indicate that media upload permissions and public assets exposure can influence risk, with potential to upload PDFs contai...

8.8CVSS8.2AI score0.01578EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder