GHSA-mcqm-6ff4-53qx

Source

https://github.com/advisories/GHSA-mcqm-6ff4-53qx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-mcqm-6ff4-53qx/GHSA-mcqm-6ff4-53qx.json

Aliases

CVE-2022-29894

Published

2022-06-14T00:00:38Z

Modified

2023-11-08T04:09:15.421767Z

Details

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-29894
https://github.com/strapi/strapi
https://jvn.jp/en/jp/JVN44550983/index.html
https://strapi.io

Affected packages

npm / strapi

Package

Name: strapi

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Last affected

3.6.10