CVE-2022-29894

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29894

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29894.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-29894

Aliases

GHSA-mcqm-6ff4-53qx

Published

2022-06-13T05:15:11Z

Modified

2025-02-14T05:02:05Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

References

Affected packages

Git / github.com/strapi/strapi

Affected ranges

Type: GIT
Repo: https://github.com/strapi/strapi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

86f882bc154e16321fbc83d0086e0d956bb5e82a