Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.
References
Link | Resource |
---|---|
https://github.com/strapi/strapi | Product Third Party Advisory |
https://jvn.jp/en/jp/JVN44550983/index.html | Third Party Advisory |
https://strapi.io/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2022-06-13T04:50:35
Updated: 2022-06-13T04:50:34
Reserved: 2022-05-06T00:00:00
Link: CVE-2022-29894
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-13T05:15:11.357
Modified: 2022-06-22T12:12:31.390
Link: CVE-2022-29894
JSON object: View
Redhat Information
No data.
CWE