Description
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.
Remediation
References
https://github.com/strapi/strapi
https://jvn.jp/en/jp/JVN44550983/index.html
https://strapi.io/
Related Vulnerabilities
CVE-2023-26136 Vulnerability in maven package org.webjars.bowergithub.salesforce:tough-cookie
CVE-2018-3717 Vulnerability in npm package anywhere
CVE-2019-19771 Vulnerability in npm package bitcoisnj-lib
CVE-2019-10295 Vulnerability in maven package org.jenkins-ci.plugins:crittercism-dsym
CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view