CVE-2022-22116
10.01.2022, 16:15
Directus versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which will be executed in a victim's browser when they open the image URL.
Vendor | Product | Version |
---|---|---|
rangerstudio | directus | 9.0.1 ≤ 𝑥 ≤ 9.4.1 |
rangerstudio | directus | 9.0.0 |
rangerstudio | directus | 9.0.0:alpha10 |
rangerstudio | directus | 9.0.0:alpha11 |
rangerstudio | directus | 9.0.0:alpha12 |
rangerstudio | directus | 9.0.0:alpha13 |
rangerstudio | directus | 9.0.0:alpha14 |
rangerstudio | directus | 9.0.0:alpha15 |
rangerstudio | directus | 9.0.0:alpha16 |
rangerstudio | directus | 9.0.0:alpha17 |
rangerstudio | directus | 9.0.0:alpha18 |
rangerstudio | directus | 9.0.0:alpha19 |
rangerstudio | directus | 9.0.0:alpha20 |
rangerstudio | directus | 9.0.0:alpha21 |
rangerstudio | directus | 9.0.0:alpha22 |
rangerstudio | directus | 9.0.0:alpha23 |
rangerstudio | directus | 9.0.0:alpha24 |
rangerstudio | directus | 9.0.0:alpha25 |
rangerstudio | directus | 9.0.0:alpha26 |
rangerstudio | directus | 9.0.0:alpha27 |
rangerstudio | directus | 9.0.0:alpha31 |
rangerstudio | directus | 9.0.0:alpha32 |
rangerstudio | directus | 9.0.0:alpha33 |
rangerstudio | directus | 9.0.0:alpha34 |
rangerstudio | directus | 9.0.0:alpha35 |
rangerstudio | directus | 9.0.0:alpha36 |
rangerstudio | directus | 9.0.0:alpha37 |
rangerstudio | directus | 9.0.0:alpha38 |
rangerstudio | directus | 9.0.0:alpha39 |
rangerstudio | directus | 9.0.0:alpha4 |
rangerstudio | directus | 9.0.0:alpha40 |
rangerstudio | directus | 9.0.0:alpha41 |
rangerstudio | directus | 9.0.0:alpha42 |
rangerstudio | directus | 9.0.0:alpha5 |
rangerstudio | directus | 9.0.0:alpha6 |
rangerstudio | directus | 9.0.0:alpha7 |
rangerstudio | directus | 9.0.0:alpha8 |
rangerstudio | directus | 9.0.0:alpha9 |
rangerstudio | directus | 9.0.0:beta0 |
rangerstudio | directus | 9.0.0:beta1 |
rangerstudio | directus | 9.0.0:beta10 |
rangerstudio | directus | 9.0.0:beta11 |
rangerstudio | directus | 9.0.0:beta12 |
rangerstudio | directus | 9.0.0:beta13 |
rangerstudio | directus | 9.0.0:beta14 |
rangerstudio | directus | 9.0.0:beta2 |
rangerstudio | directus | 9.0.0:beta3 |
rangerstudio | directus | 9.0.0:beta4 |
rangerstudio | directus | 9.0.0:beta5 |
rangerstudio | directus | 9.0.0:beta7 |
rangerstudio | directus | 9.0.0:beta8 |
rangerstudio | directus | 9.0.0:beta9 |
rangerstudio | directus | 9.0.0:rc0 |
rangerstudio | directus | 9.0.0:rc1 |
rangerstudio | directus | 9.0.0:rc10 |
rangerstudio | directus | 9.0.0:rc100 |
rangerstudio | directus | 9.0.0:rc101 |
rangerstudio | directus | 9.0.0:rc11 |
rangerstudio | directus | 9.0.0:rc12 |
rangerstudio | directus | 9.0.0:rc13 |
rangerstudio | directus | 9.0.0:rc14 |
rangerstudio | directus | 9.0.0:rc15 |
rangerstudio | directus | 9.0.0:rc17 |
rangerstudio | directus | 9.0.0:rc18 |
rangerstudio | directus | 9.0.0:rc19 |
rangerstudio | directus | 9.0.0:rc2 |
rangerstudio | directus | 9.0.0:rc20 |
rangerstudio | directus | 9.0.0:rc21 |
rangerstudio | directus | 9.0.0:rc22 |
rangerstudio | directus | 9.0.0:rc23 |
rangerstudio | directus | 9.0.0:rc24 |
rangerstudio | directus | 9.0.0:rc25 |
rangerstudio | directus | 9.0.0:rc26 |
rangerstudio | directus | 9.0.0:rc27 |
rangerstudio | directus | 9.0.0:rc28 |
rangerstudio | directus | 9.0.0:rc29 |
rangerstudio | directus | 9.0.0:rc3 |
rangerstudio | directus | 9.0.0:rc30 |
rangerstudio | directus | 9.0.0:rc31 |
rangerstudio | directus | 9.0.0:rc32 |
rangerstudio | directus | 9.0.0:rc33 |
rangerstudio | directus | 9.0.0:rc34 |
rangerstudio | directus | 9.0.0:rc35 |
rangerstudio | directus | 9.0.0:rc36 |
rangerstudio | directus | 9.0.0:rc37 |
rangerstudio | directus | 9.0.0:rc38 |
rangerstudio | directus | 9.0.0:rc39 |
rangerstudio | directus | 9.0.0:rc4 |
rangerstudio | directus | 9.0.0:rc40 |
rangerstudio | directus | 9.0.0:rc41 |
rangerstudio | directus | 9.0.0:rc42 |
rangerstudio | directus | 9.0.0:rc43 |
rangerstudio | directus | 9.0.0:rc44 |
rangerstudio | directus | 9.0.0:rc45 |
rangerstudio | directus | 9.0.0:rc46 |
rangerstudio | directus | 9.0.0:rc47 |
rangerstudio | directus | 9.0.0:rc48 |
rangerstudio | directus | 9.0.0:rc49 |
rangerstudio | directus | 9.0.0:rc5 |
rangerstudio | directus | 9.0.0:rc50 |
rangerstudio | directus | 9.0.0:rc51 |
rangerstudio | directus | 9.0.0:rc52 |
rangerstudio | directus | 9.0.0:rc53 |
rangerstudio | directus | 9.0.0:rc54 |
rangerstudio | directus | 9.0.0:rc55 |
rangerstudio | directus | 9.0.0:rc56 |
rangerstudio | directus | 9.0.0:rc57 |
rangerstudio | directus | 9.0.0:rc58 |
rangerstudio | directus | 9.0.0:rc59 |
rangerstudio | directus | 9.0.0:rc6 |
rangerstudio | directus | 9.0.0:rc60 |
rangerstudio | directus | 9.0.0:rc61 |
rangerstudio | directus | 9.0.0:rc62 |
rangerstudio | directus | 9.0.0:rc63 |
rangerstudio | directus | 9.0.0:rc64 |
rangerstudio | directus | 9.0.0:rc65 |
rangerstudio | directus | 9.0.0:rc66 |
rangerstudio | directus | 9.0.0:rc67 |
rangerstudio | directus | 9.0.0:rc68 |
rangerstudio | directus | 9.0.0:rc69 |
rangerstudio | directus | 9.0.0:rc7 |
rangerstudio | directus | 9.0.0:rc70 |
rangerstudio | directus | 9.0.0:rc71 |
rangerstudio | directus | 9.0.0:rc72 |
rangerstudio | directus | 9.0.0:rc73 |
rangerstudio | directus | 9.0.0:rc74 |
rangerstudio | directus | 9.0.0:rc75 |
rangerstudio | directus | 9.0.0:rc76 |
rangerstudio | directus | 9.0.0:rc77 |
rangerstudio | directus | 9.0.0:rc78 |
rangerstudio | directus | 9.0.0:rc79 |
rangerstudio | directus | 9.0.0:rc8 |
rangerstudio | directus | 9.0.0:rc80 |
rangerstudio | directus | 9.0.0:rc81 |
rangerstudio | directus | 9.0.0:rc82 |
rangerstudio | directus | 9.0.0:rc83 |
rangerstudio | directus | 9.0.0:rc84 |
rangerstudio | directus | 9.0.0:rc85 |
rangerstudio | directus | 9.0.0:rc86 |
rangerstudio | directus | 9.0.0:rc87 |
rangerstudio | directus | 9.0.0:rc88 |
rangerstudio | directus | 9.0.0:rc89 |
rangerstudio | directus | 9.0.0:rc9 |
rangerstudio | directus | 9.0.0:rc90 |
rangerstudio | directus | 9.0.0:rc91 |
rangerstudio | directus | 9.0.0:rc92 |
rangerstudio | directus | 9.0.0:rc93 |
rangerstudio | directus | 9.0.0:rc94 |
rangerstudio | directus | 9.0.0:rc95 |
rangerstudio | directus | 9.0.0:rc96 |
rangerstudio | directus | 9.0.0:rc97 |
rangerstudio | directus | 9.0.0:rc98 |
rangerstudio | directus | 9.0.0:rc99 |
𝑥 = Vulnerable software versions
References