Mend Vulnerability Database
Date: January 10, 2022
Details
The Directus application is affected by a stored XSS vulnerability via SVG file upload in the media upload functionality. The script in the crafted file is executed in a victim's browser when they open the image URL.
PoC Details
Log in to the application with a low-privileged user.
Go to the files section and upload the SVG file with the payload given below.
In a private window, log in as administrator. Go to the file library and open the image in a new tab. Notice the XSS gets triggered.
Affected Environments
GitHub - v9.0.0-alpha.4 through v9.4.1; NPM - 9.0.0-alpha.5 through 9.4.1
Prevention
Update to Directus version 9.4.2
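Added illustration (not Directus code, and not part of the advisory): the two controls a file-upload feature needs against this class of bug, namely rejecting SVGs that carry active content at upload time, and serving stored SVGs with headers that stop a browser from rendering them as a scriptable document. The sample SVG inputs are constructed here.

```python
import re
import xml.etree.ElementTree as ET  # in production, prefer defusedxml to resist entity-expansion attacks

# Elements that run script or embed foreign markup when an SVG is opened as a document.
BLOCKED_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
ACTIVE_URL = re.compile(r"^\s*(?:javascript|vbscript|data)\s*:", re.IGNORECASE)
URL_ATTRS = {"href", "src", "action", "formaction"}

def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def svg_rejection_reasons(svg_bytes: bytes) -> list[str]:
    """Return why an uploaded SVG must be rejected; an empty list means no active content found."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    reasons = []
    if _local(root.tag) != "svg":
        reasons.append(f"root element <{_local(root.tag)}> is not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in BLOCKED_TAGS:
            reasons.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):            # onload, onclick, ...
                reasons.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and ACTIVE_URL.match(value):
                reasons.append(f"{name} with script URL on <{tag}>")
    return reasons

def svg_response_headers() -> dict[str, str]:
    """Headers for serving a stored SVG: force a download instead of rendering, and forbid
    inline script even if it is rendered anyway. Defence in depth beside the upload check."""
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }

# Constructed sample inputs: a plain icon and an SVG carrying an event handler and a script element.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="">'
              b'<script>/* would run when the file is opened directly */</script></svg>')

if __name__ == "__main__":
    print(svg_rejection_reasons(CLEAN_SVG))    # []
    print(svg_rejection_reasons(ACTIVE_SVG))   # ['event handler onload on <svg>', '<script> element']
```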
Good to know:

| Metric | Value |
|---|---|
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | Low |
| User Interaction (UI) | Required |
| Access Vector (AV) | Network |
| Access Complexity (AC) | Medium |