11 matches found
CVE-2022-24814
Directus XSS in Rich Text HTML interface: prior to v9.7.0, an iframe that links to an uploaded HTML file can load a second uploaded JS file, bypassing CSP and allowing arbitrary JS execution. Root cause: unsafe handling of embedded JS via WYSIWYG content. Impact: unauthorized JS execution within ...
CVE-2022-23080
Directus CMS: CVE-2022-23080 affects Directus v9.0.0-beta.2 through 9.6.0, enabling SSRF in the media upload flow that lets a low-privilege user perform internal port scans. The connected advisories describe exploit scenarios (e.g., DNS rebinding attempts in file import) and confirm ongoing discu...
CVE-2021-29641
CVE-2021-29641 affects Directus 8 up to 8.8.2. The vulnerability arises from file-upload permissions that allow uploading a PHP file to the main upload directory and, in a subdirectory, a PHP file plus an .htaccess, enabling remote authenticated code execution. Exploitation is limited to specific...
CVE-2022-22116
Directus Vulnerability: CVE-2022-22116 affects Directus versions 9.0.0-alpha.4 through 9.4.1 with a stored XSS via SVG file uploads in the media upload flow. Root cause: improper handling of SVG uploads allowing injection of arbitrary JavaScript, executed when a victim opens the image URL. Impact...
CVE-2022-22117
Directus contains a Cross-Site Scripting vulnerability in its media upload flow (versions 9.0.0-alpha.4 through 9.4.1) where unrestricted HTML file uploads can be used as a profile avatar. A low-privilege attacker can upload a crafted HTML file, and when an admin or another user opens it, the XSS...
CVE-2021-26593
CVE-2021-26593 affects Directus 8.x–8.8.1, where the API endpoint /users/{id} can disclose extensive user data (email, first name, last name) and the 2FA secret, which can be regenerated. Root cause: exposure via an unauthorized or overly permissive user lookup that returns sensitive fields. Impa...
CVE-2021-26595
CVE-2021-26595 affects Directus 8.x–8.8.1, where the endpoint commonly called at connection time, api-aa, discloses sensitive environment details (CMS version, PHP version, and DBMS name). The issue is that this information disclosure occurs because api-aa is invoked automatically, with the note ...
CVE-2021-27583
Directus 8.x–8.8.1 is affected by a vulnerability where the password reset feature can be leveraged to determine if a given user exists in the database. The issue is confirmed across multiple sources (NVD/Red Hat/OSV/etc.) and is constrained to products no longer supported by the maintainer. The ...
CVE-2021-26594
CVE-2021-26594 affects Directus 8.x through 8.8.1, where an attacker can switch to the administrator role via PATCH without backend checks. The vulnerability is limited to products no longer supported by the maintainer. Remediation in public docs advises upgrading to a supported Directus version;...
CVE-2023-27474
Directus (real‑time API and App dashboard for SQL content) has a HTML injection vulnerability in reset URLs when an allow‑listed reset URL is used. The issue arises from query parameters in the reset URL, enabling an attacker to craft emails directing users to the server domain that may include m...
CVE-2018-10723
Directus 6.4.9 contains a hardcoded admin password for the Admin account caused by an INSERT in api/schema.sql. Multiple sources (CNVD-2018-09196, NVD CVE-2018-10723, OSV, PRION) describe this as an elevation of privilege/vector involving a hardcoded credential, enabling potential administrator a...