NVD Vulnerability Details: CVE-2022-22116
Status: Analyzed
Source: vulnerabilitylab@mend.io
Published At: 10 Jan, 2022 | 16:15
Updated At: 14 Jan, 2022 | 19:33

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which is executed in a victim's browser when they open the image URL.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A
Metrics
Type | Version | Base score | Base severity | Vector
Primary | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches

rangerstudio >> directus >> Versions from 9.0.1 (inclusive) to 9.4.1 (inclusive)
cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*
Weaknesses
CWE ID | Type | Source
CWE-79 | Primary | vulnerabilitylab@mend.io
References
Hyperlink | Source | Resource
https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10 | vulnerabilitylab@mend.io | Patch, Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22116 | vulnerabilitylab@mend.io | Exploit, Third Party Advisory