CVE-2022-29894
MEDIUM 4.8
EPSS 0.48%
Cross-site Scripting in Strapi
Published: 2022/6/14
Modified: 2023/11/8
Description
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in the file upload function. By exploiting this vulnerability, an arbitrary script may be executed in the web browser of a user who is logging in to the product with the administrative privilege.
Affected packages (1)
- npm/strapi: from 0, <= 3.6.10
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |