Strapi prior to 3.0.2 could allow a remote authenticated malicious user to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
strapi strapi |