Количество 2
Количество 2
CVE-2024-54128
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0.
GHSA-r6wx-627v-gh2f
Directus has an HTML Injection in Comment
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-54128 Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0. | CVSS3: 5.7 | 0% Низкий | около 1 года назад |
| GHSA-r6wx-627v-gh2f Directus has an HTML Injection in Comment | CVSS3: 5.7 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу