Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strapi strapi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi prior to 3.2.5 has unwanted /proxy?url= functionality.
Strapi Strapi
7.5
CVSSv3
CVE-2020-27665
In Strapi prior to 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.
Strapi Strapi
5.4
CVSSv3
CVE-2020-27666
Strapi prior to 3.2.5 has stored XSS in the wysiwyg editor's preview feature.
Strapi Strapi
9.8
CVSSv3
CVE-2023-38507
Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack i...
Strapi Strapi
7.1
CVSSv3
CVE-2023-34093
Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the a...
Strapi Strapi
6.5
CVSSv3
CVE-2020-13961
Strapi prior to 3.0.2 could allow a remote authenticated malicious user to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the ema...
Strapi Strapi
6.7
CVSSv3
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi before 4.1.0.
Strapi Strapi
4.8
CVSSv3
CVE-2022-29894
Strapi v3.x.x versions and previous versions contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative ...
Strapi Strapi
2.7
CVSSv3
CVE-2023-37263
Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field w...
Strapi Strapi
7.2
CVSSv3
CVE-2023-22621
Strapi up to and including 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an...
Strapi Strapi
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »