Strapi Security Vulnerabilities and Issues — Strapi CVE List

Lucene search

StrapiStrapi

5 matches found

CVE•added 2020/02/04 8:15 p.m.•52 views

CVE-2020-8123

A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.

4.9CVSS5.1AI score0.00633EPSS

CVE•added 2020/10/22 7:15 p.m.•48 views

CVE-2020-27664

admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.

9.8CVSS9.3AI score0.01344EPSS

CVE•added 2020/10/22 7:15 p.m.•45 views

CVE-2020-27666

Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.

5.4CVSS5.1AI score0.00281EPSS

CVE•added 2020/10/22 7:15 p.m.•43 views

CVE-2020-27665

In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.

7.5CVSS7.5AI score0.00292EPSS

CVE•added 2020/06/19 5:15 p.m.•35 views

CVE-2020-13961

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both passwo...

6.5CVSS6.3AI score0.00622EPSS