Directus is a live Api and application dashboard. Used to manage Sql database content, Directus suffers from a cross-site scripting vulnerability that allows unrestricted uploading of .html files in the media upload function, which can be exploited by low-privilege attackers to execute JavaScript code on the client side.