Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-29894 Vulnerability in npm package strapi

Description

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.

Remediation

References

https://github.com/strapi/strapi

https://jvn.jp/en/jp/JVN44550983/index.html

https://strapi.io/

Related Vulnerabilities

CVE-2021-23363 Vulnerability in npm package kill-by-port

CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer

CVE-2022-25647 Vulnerability in maven package com.google.code.gson:gson

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war

CVE-2019-19771 Vulnerability in npm package bitcoijns-lib

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Product Third Party Advisory Vendor Advisory