CVE-2022-22116

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image URL.

CVSS v3 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10	Patch Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rangerstudio:directus::::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:-::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha15::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha16::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha17::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha18::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha19::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha20::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha21::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha22::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha23::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha24::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha25::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha26::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha27::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha31::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha32::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha33::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha34::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha35::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha36::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha37::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha38::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha39::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha40::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha41::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha42::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha6::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha7::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha8::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:alpha9::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta0::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta1::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta2::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta3::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta4::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta5::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta7::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta8::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:beta9::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc0::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc1::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc10::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc100::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc101::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc11::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc12::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc13::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc14::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc15::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc17::::::
	cpe:2.3:a:rangerstudio:directus:9.0.0:rc18::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc19::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc2::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc20::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc21::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc22::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc23::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc24::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc25::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc26::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc27::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc28::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc29::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc3::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc30::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc31::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc32::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc33::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc34::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc35::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc36::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc37::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc38::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc39::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc4::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc40::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc41::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc42::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc43::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc44::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc45::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc46::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc47::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc48::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc49::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc5::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc50::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc51::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc52::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc53::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc54::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc55::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc56::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc57::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc58::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc59::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc6::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc60::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc61::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc62::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc63::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc64::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc65::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc66::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc67::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc68::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc69::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc7::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc70::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc71::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc72::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc73::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc74::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc75::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc76::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc77::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc78::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc79::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc8::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc80::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc81::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc82::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc83::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc84::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc85::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc86::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc87::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc88::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc89::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc9::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc90::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc91::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc92::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc93::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc94::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc95::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc96::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc97::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc98::::::
cpe:2.3:a:rangerstudio:directus:9.0.0:rc99::::::

History

No history.

Information

Published : 2022-01-10 16:15

Updated : 2024-02-28 18:48

NVD link : CVE-2022-22116

Mitre link : CVE-2022-22116

CVE.ORG link : CVE-2022-22116

JSON object : View

Products Affected

rangerstudio

directus

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2022-22116

5.4^/10

3.5^/10

Attach tags to `CVE-2022-22116`