Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
strapi strapi vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-8123
A denial of service exists in strapi v3.0.0-beta.18.3 and previous versions that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
Strapi Strapi
Strapi Strapi 3.0.0
9
CVSSv2
CVE-2022-30617
An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For exa...
Strapi Strapi 4.0.0
Strapi Strapi
7.5
CVSSv2
CVE-2019-18818
strapi prior to 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
Strapi Strapi
Strapi Strapi 3.0.0
8 Github repositories
9
CVSSv2
CVE-2019-19609
The Strapi framework prior to 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa func...
Strapi Strapi
Strapi Strapi 3.0.0
9 Github repositories
NA
CVE-2023-34093
Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the a...
Strapi Strapi
NA
CVE-2023-22621
Strapi up to and including 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an...
Strapi Strapi
3 Github repositories
5
CVSSv2
CVE-2021-46440
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi prior to 3.6.9 and 4.x prior to 4.1.5 allows an malicious user to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and ...
Strapi Strapi
7.2
CVSSv2
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi before 4.1.0.
Strapi Strapi
NA
CVE-2022-31367
Strapi prior to 3.6.10 and 4.x prior to 4.1.10 mishandles hidden attributes within admin API responses.
Strapi Strapi
3.5
CVSSv2
CVE-2022-29894
Strapi v3.x.x versions and previous versions contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative ...
Strapi Strapi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »