Lucene search
China National Vulnerability DatabaseCNVD-2022-08389HistoryJan 14, 2022 - 12:00 a.m.
Directus Cross-Site Scripting Vulnerability (CNVD-2022-08389)
2022-01-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
directus
sql
database
xss
vulnerability
file upload
administrator
EPSS
0.001
Percentile
21.4%
Directus is a live Api and application dashboard. Used to manage Sql database content, Directus suffers from a cross-site scripting vulnerability that allows unlimited uploads of .html files in the media upload feature, which leads to a cross-site scripting vulnerability. A low-privilege attacker could exploit the vulnerability to upload a crafted HTML file as a configuration file, and when an administrator or other user opens it, the XSS payload is triggered.
Related
nvd
nvd
CVE-2022-22117
2022-01-10 16:15:10
prion
prion
Unrestricted file upload
2022-01-10 16:15:00
cvelist
cvelist
osv
osv
CVE-2022-22117
2022-01-10 16:15:10
cve
cve
CVE-2022-22117
2022-01-10 16:15:10