CVE-2022-29894

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.
References
Link Resource
https://github.com/strapi/strapi Product Third Party Advisory
https://jvn.jp/en/jp/JVN44550983/index.html Third Party Advisory
https://strapi.io/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-13 05:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-29894

Mitre link : CVE-2022-29894

CVE.ORG link : CVE-2022-29894


JSON object : View

Products Affected

strapi

  • strapi
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')