EPSS Percentile: 29.7%
Directus is vulnerable to cross-site scripting (XSS). The vulnerability is due to how allow-listed reset URLs are handled through the query parameters, which allows an attacker to inject malicious JavaScript through an email and execute it in the browser.
github.com/advisories/GHSA-4hmq-ggrm-qfc6
github.com/directus/directus/commit/0f9f0d8fc42a269aa2573efd67dd22b069b4fa83
github.com/directus/directus/issues/17119
github.com/directus/directus/pull/17120
github.com/directus/directus/security/advisories/GHSA-4hmq-ggrm-qfc6