CVE-2022-29894

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29894

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29894.json

Aliases

GHSA-mcqm-6ff4-53qx

Published

2022-06-13T05:15:11Z

Modified

2023-11-08T04:09:15.421767Z

Details

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

References

https://strapi.io/
https://github.com/strapi/strapi
https://jvn.jp/en/jp/JVN44550983/index.html

Affected packages

Git / github.com/strapi/strapi

Affected ranges

Type: GIT
Repo: https://github.com/strapi/strapi
Events: Introduced

0The exact introduced commit is unknown

Last affected

86f882bc154e16321fbc83d0086e0d956bb5e82a