Filtered by vendor Monospace
Subscriptions
Filtered by product Directus
Subscriptions
Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6533 | 2 Directus, Monospace | 2 Directus, Directus | 2024-08-19 | 4.1 Medium |
| Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. | ||||