Vulnerabilities > Strapi > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-12 | CVE-2024-31217 | Unspecified vulnerability in Strapi: Strapi is an open-source content management system. | 6.5 |
2023-11-20 | CVE-2023-48218 | Unspecified vulnerability in Strapi Protected Populate: The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. | 5.3 |
2023-09-15 | CVE-2023-36472 | Unspecified vulnerability in Strapi: Strapi is an open-source headless content management system. | 5.7 |
2023-04-19 | CVE-2023-22894 | Cleartext Storage of Sensitive Information vulnerability in Strapi: Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. | 4.9 |
2022-06-13 | CVE-2022-29894 | Cross-site Scripting vulnerability in Strapi: Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in the file upload function. | 4.8 |
2022-02-26 | CVE-2022-0764 | Unspecified vulnerability in Strapi: Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | 6.7 |
2020-10-22 | CVE-2020-27666 | Cross-site Scripting vulnerability in Strapi: Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | 5.4 |
2020-06-19 | CVE-2020-13961 | Improper Input Validation vulnerability in Strapi: Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitization. | 6.5 |
2020-02-04 | CVE-2020-8123 | Resource Exhaustion vulnerability in Strapi: A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application. | 4.9 |