Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 05 Dec 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. | Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0. |
Thu, 05 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. | |
Title | Directus has an HTML Injection in Comment | |
Weaknesses | CWE-80 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-05T16:55:53.434Z
Updated: 2024-12-06T15:56:34.323Z
Reserved: 2024-11-29T18:02:16.753Z
Link: CVE-2024-54128
Vulnrichment
Updated: 2024-12-06T15:56:23.406Z
NVD
Status : Received
Published: 2024-12-05T17:15:15.130
Modified: 2024-12-05T19:15:08.857
Link: CVE-2024-54128
Redhat
No data.