Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
StrapiStrapi

3 matches found

CVE
CVEadded 2023/04/19 4:15 p.m.166 views

CVE-2023-22894

Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then th...

4.9CVSS5.2AI score0.09927EPSS
CVE
CVEadded 2023/04/19 4:15 p.m.148 views

CVE-2023-22621

Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...

7.2CVSS7.3AI score0.84171EPSS
CVE
CVEadded 2023/04/19 4:15 p.m.111 views

CVE-2023-22893

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that u...

7.5CVSS7.7AI score0.71416EPSS