Filtered by vendor Strapi
Subscriptions
Filtered by product Strapi
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27664 | 1 Strapi | 1 Strapi | 2020-10-27 | 9.8 Critical |
| admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | ||||
| CVE-2020-27665 | 1 Strapi | 1 Strapi | 2020-10-27 | 7.5 High |
| In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | ||||
| CVE-2020-27666 | 1 Strapi | 1 Strapi | 2020-10-27 | 5.4 Medium |
| Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | ||||
| CVE-2020-13961 | 1 Strapi | 1 Strapi | 2020-06-24 | 6.5 Medium |
| Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. | ||||
| CVE-2020-8123 | 1 Strapi | 1 Strapi | 2020-02-06 | 4.9 Medium |
| A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. | ||||