Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strapi strapi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34093
Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the a...
Strapi Strapi
NA
CVE-2023-36472
Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure th...
Strapi Strapi
7.5
CVSSv2
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi prior to 3.2.5 has unwanted /proxy?url= functionality.
Strapi Strapi
NA
CVE-2023-39345
strapi is an open-source headless CMS. Versions before 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version...
Strapi Strapi
5
CVSSv2
CVE-2021-46440
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi prior to 3.6.9 and 4.x prior to 4.1.5 allows an malicious user to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and ...
Strapi Strapi
NA
CVE-2023-38507
Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack i...
Strapi Strapi
6
CVSSv2
CVE-2022-30618
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are man...
Strapi Strapi
4
CVSSv2
CVE-2020-13961
Strapi prior to 3.0.2 could allow a remote authenticated malicious user to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the ema...
Strapi Strapi
NA
CVE-2023-22893
Strapi up to and including 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authe...
Strapi Strapi
7.2
CVSSv2
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi before 4.1.0.
Strapi Strapi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »