mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
934 B
934 B
CVE-2022-22116
&color=brighgreen)
Description
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL.
POC
Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116
Github
No PoCs found on GitHub currently.