Vulnerabilities > Rangerstudio > Directus > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2022-22117 | Cross-site Scripting vulnerability in Rangerstudio Directus In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. | 3.5 |
| 2022-01-10 | CVE-2022-22116 | Cross-site Scripting vulnerability in Rangerstudio Directus In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. | 3.5 |