GHSA-mcqm-6ff4-53qx

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-mcqm-6ff4-53qx/GHSA-mcqm-6ff4-53qx.json
Aliases
  • CVE-2022-29894
Published
2022-06-14T00:00:38Z
Modified
2022-06-24T00:53:31Z
Details

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

References

Affected packages

npm / strapi

strapi

Affected ranges

Type
SEMVER
Events
Introduced
0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 3.6.10"
}