Vulnerabilities > Rangerstudio > Directus > 9.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2023-27474 | Cross-site Scripting vulnerability in Rangerstudio Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.4 |
| 2022-06-22 | CVE-2022-23080 | Server-Side Request Forgery (SSRF) vulnerability in Rangerstudio Directus In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans. | 5.0 |
| 2022-04-04 | CVE-2022-24814 | Cross-site Scripting vulnerability in Rangerstudio Directus Directus is a real-time API and App dashboard for managing SQL database content. | 4.3 |
| 2022-01-10 | CVE-2022-22116 | Cross-site Scripting vulnerability in Rangerstudio Directus In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. | 3.5 |
| 2022-01-10 | CVE-2022-22117 | Cross-site Scripting vulnerability in Rangerstudio Directus In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. | 3.5 |