Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Strapi
(Strapi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-22 | CVE-2020-27666 | Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | Strapi | 5.4 | ||
| 2020-10-22 | CVE-2020-27665 | In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | Strapi | 7.5 | ||
| 2020-10-22 | CVE-2020-27664 | admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | Strapi | 9.8 | ||
| 2020-06-19 | CVE-2020-13961 | Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. | Strapi | N/A | ||
| 2020-02-04 | CVE-2020-8123 | A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. | Strapi | N/A |