EPSS Percentile: 35.1%
Directus is vulnerable to cross-site scripting. The vulnerability exists because the live embed in the WYSIWYG editor is not disabled, which allows an attacker to inject and execute arbitrary JavaScript.
github.com/directus/directus/commit/a8df6d96531fea4ee747594d0b047d2a676714be
github.com/directus/directus/pull/12020
github.com/directus/directus/releases/tag/v9.7.0
github.com/directus/directus/security/advisories/GHSA-xmjj-3c76-5w84