Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2022-07-22 | 7.2 HIGH | 6.7 MEDIUM |
| Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | |||||
| CVE-2022-29894 | 1 Strapi | 1 Strapi | 2022-06-22 | 3.5 LOW | 4.8 MEDIUM |
| Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. | |||||
| CVE-2020-27666 | 1 Strapi | 1 Strapi | 2020-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | |||||
| CVE-2020-13961 | 1 Strapi | 1 Strapi | 2020-06-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. | |||||
| CVE-2020-8123 | 1 Strapi | 1 Strapi | 2020-02-06 | 4.0 MEDIUM | 4.9 MEDIUM |
| A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. | |||||