Description
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.
Remediation
References
https://github.com/strapi/strapi
https://jvn.jp/en/jp/JVN44550983/index.html
https://strapi.io/
Related Vulnerabilities
CVE-2022-39366 Vulnerability in maven package io.acryl:datahub-client
CVE-2017-5941 Vulnerability in npm package node-serialize
CVE-2021-23784 Vulnerability in npm package tempura
CVE-2023-26140 Vulnerability in npm package @excalidraw/excalidraw
CVE-2018-16469 Vulnerability in maven package org.webjars.npm:merge