{"containers": {"cna": {"affected": [{"product": "directus", "vendor": "directus", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "9.0.0", "versionType": "custom"}, {"lessThanOrEqual": "9.4.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "WhiteSource Vulnerability Research Team (WVR)"}], "datePublic": "2022-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-10T15:26:45", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"}, {"tags": ["x_refsource_MISC"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"}], "solutions": [{"lang": "en", "value": "Update to directus version 9.4.2"}], "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}, "title": "Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "DATE_PUBLIC": "2022-01-04T22:00:00.000Z", "ID": "CVE-2022-22117", "STATE": "PUBLIC", "TITLE": "Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "directus", "version": {"version_data": [{"version_affected": ">=", "version_value": "9.0.0"}, {"version_affected": "<=", "version_value": "9.4.1"}]}}]}, "vendor_name": "directus"}]}}, "credit": [{"lang": "eng", "value": "WhiteSource Vulnerability Research Team (WVR)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10", "refsource": "MISC", "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"}, {"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"}]}, "solution": [{"lang": "en", "value": "Update to directus version 9.4.2"}], "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:00:55.377Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"}]}]}, "cveMetadata": {"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2022-22117", "datePublished": "2022-01-10T15:26:45.928993Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-16T18:44:02.548Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF5B65F4-5470-449C-A32F-EB2D8E367E39", "versionEndIncluding": "9.4.1", "versionStartIncluding": "9.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "93B8E89D-339F-46C7-B425-94EB4F67E85E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha10:*:*:*:*:*:*", "matchCriteriaId": "55EB6511-9A3C-4047-9777-D1B81C7A2817", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha11:*:*:*:*:*:*", "matchCriteriaId": "991728C9-FFE0-4B8C-ADA3-4D0FEDBB27FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha12:*:*:*:*:*:*", "matchCriteriaId": "CEB212D4-D004-485C-9440-A4C2CD3DE761", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha13:*:*:*:*:*:*", "matchCriteriaId": "4EDCF08A-E376-483D-BB4D-FAC2BE15D0AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha14:*:*:*:*:*:*", "matchCriteriaId": "B09C31B4-C30D-4DE2-A946-83D17333C4FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha15:*:*:*:*:*:*", "matchCriteriaId": "6ABBA454-0423-4C8D-A3D7-BF40DFE46C7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha16:*:*:*:*:*:*", "matchCriteriaId": "5D18FA6B-3DB7-4CC1-B65A-2936F5CBC786", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha17:*:*:*:*:*:*", "matchCriteriaId": "412A6CDE-1EEF-4023-A893-63B132D258D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha18:*:*:*:*:*:*", "matchCriteriaId": "EBD0C110-69C2-4A34-B01B-970DEFFA6F48", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha19:*:*:*:*:*:*", "matchCriteriaId": "31689A2D-DB6D-4B60-BE83-733505F5073D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha20:*:*:*:*:*:*", "matchCriteriaId": "C9CA67D0-2B89-4E3E-8246-824FF2E799B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha21:*:*:*:*:*:*", "matchCriteriaId": "AFA2267B-682B-49E3-993F-486662E69E2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha22:*:*:*:*:*:*", "matchCriteriaId": "EEB3F886-A296-4654-A65B-2A051F18B59C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha23:*:*:*:*:*:*", "matchCriteriaId": "255393C9-B87B-4FD6-A0DC-0EB7DC0A17C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha24:*:*:*:*:*:*", "matchCriteriaId": "A4C8AA33-28B7-4D31-8C3E-95B4E08B63A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha25:*:*:*:*:*:*", "matchCriteriaId": "BDCF6BE6-3040-49AB-8110-D8A21EC3C9FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha26:*:*:*:*:*:*", "matchCriteriaId": "661030BB-57C6-4E10-8B9D-FB88E3CBCF68", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha27:*:*:*:*:*:*", "matchCriteriaId": "3293A560-0E41-4666-88D5-F21E4BE83A71", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha31:*:*:*:*:*:*", "matchCriteriaId": "6DBE590D-7D3B-4A4D-BD37-338C1B0E8C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha32:*:*:*:*:*:*", "matchCriteriaId": "D23295C8-B952-4FC5-8638-3C552012CAE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha33:*:*:*:*:*:*", "matchCriteriaId": "C14C81A9-0B3A-4012-B67B-2DC3D6C61E00", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha34:*:*:*:*:*:*", "matchCriteriaId": "D53177AD-EE8C-46B1-B424-713609CFD89A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha35:*:*:*:*:*:*", "matchCriteriaId": "EEC87C06-6166-4A8C-B42E-E1AB1C772856", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha36:*:*:*:*:*:*", "matchCriteriaId": "36E6D59B-F31C-4A39-913C-0BA2F312D60E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha37:*:*:*:*:*:*", "matchCriteriaId": "3B5DFB5B-6B4D-4E5F-B008-7E7D665F3B57", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha38:*:*:*:*:*:*", "matchCriteriaId": "9990CD23-1DC5-4376-8BE1-147BBEBF6B1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha39:*:*:*:*:*:*", "matchCriteriaId": "22A50CB3-C3C5-48DB-925A-58543DB749A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "83673538-623A-41AF-B6C4-E409FDF04AF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha40:*:*:*:*:*:*", "matchCriteriaId": "4BF56F69-DFE1-4D2B-B9E2-42DFD0B40A2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha41:*:*:*:*:*:*", "matchCriteriaId": "9C10C163-C0B3-4BCA-BCEE-DBDBA2C714D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha42:*:*:*:*:*:*", "matchCriteriaId": "5133759B-6F2A-422B-BCA9-D5665C3F8388", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "210E0FC0-D30C-4931-B913-53B4E14A164A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "AA462266-3F3F-4400-A5E1-3A426978EB02", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "FBF7C20A-89BE-4CFB-B89F-3FD0708C973B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha8:*:*:*:*:*:*", "matchCriteriaId": "E589B388-842A-4145-972F-764C78662BC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:alpha9:*:*:*:*:*:*", "matchCriteriaId": "5C3F13DB-B66C-41C9-BB51-6EF7ACD6E6A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "7BD6203E-2AA9-4558-82D6-001C8237230A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A34C9EE7-3FD3-4795-A20B-42A65880BF12", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "E7E685D8-87F3-4644-82F7-5011906D664C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "371A1F14-0E57-4D03-8CCF-1E04CF579363", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "3EBB9F0B-469B-46D4-8DF5-3CB0D26C35AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "7C687D37-2FAA-4F39-BADA-AD4A8B02C11B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "9906A21C-6823-4D7C-A6B9-276DC4929ACA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "D17628E7-A69E-4395-A790-1C43F59FB79E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "D0801D3E-87B1-4842-A891-23F73146326A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "A019A0FA-C01D-488B-9C27-38EAD43C4576", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "57CFB169-BB99-480A-8DB8-5932E72195EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E7488FF7-E4F9-4126-A3E0-1560C076A486", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "3F3A5903-A198-4E1C-B32C-41F9F5F8FE7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "2518A8FD-B71B-48EE-BB4F-4B129D5F57FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "51CD9570-2DEA-4572-9222-FCA4049A229D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8DB07786-FA7B-4941-9105-26B9DC2D82F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "45B70DCE-B860-4E6C-BC1F-A89BD79FD9E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc100:*:*:*:*:*:*", "matchCriteriaId": "D08AA556-4524-45EA-80E2-2D4996CC58EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc101:*:*:*:*:*:*", "matchCriteriaId": "42798D07-F87B-4DC5-85DC-97C19EE5F927", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc11:*:*:*:*:*:*", "matchCriteriaId": "45553C55-AEE8-42E2-9A81-C850FD05C3AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc12:*:*:*:*:*:*", "matchCriteriaId": "EE381727-3D96-43CD-B07B-E653D4B46677", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc13:*:*:*:*:*:*", "matchCriteriaId": "95CF72D0-C742-45DD-AFBB-1619EFBFE7A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc14:*:*:*:*:*:*", "matchCriteriaId": "B14236FE-AC54-4B9E-B8A4-D23146B073AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc15:*:*:*:*:*:*", "matchCriteriaId": "BF790178-8A0C-4AEB-9495-E176018F2245", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc17:*:*:*:*:*:*", "matchCriteriaId": "403E4722-9794-4EDF-8D46-41CB7B24787E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc18:*:*:*:*:*:*", "matchCriteriaId": "F9C899B5-C6BB-4664-B670-D5EAE2732B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc19:*:*:*:*:*:*", "matchCriteriaId": "8A41F3AE-7969-40EF-845E-FD06DC014B9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BB9329F2-4A79-44AA-9F76-C9C2467C3519", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc20:*:*:*:*:*:*", "matchCriteriaId": "D763F244-F5B7-4090-9B55-4DE94DFC5729", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc21:*:*:*:*:*:*", "matchCriteriaId": "495DC6E5-C67E-4F5D-8B83-743DC0A75730", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc22:*:*:*:*:*:*", "matchCriteriaId": "2EEAFB71-E5AB-4153-BFC0-EBF32D7F9EBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc23:*:*:*:*:*:*", "matchCriteriaId": "DA1A5E4E-D311-4A57-B86B-AF766235A475", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc24:*:*:*:*:*:*", "matchCriteriaId": "ACDF5EC1-3FDB-4CBF-937F-654F9AF95945", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc25:*:*:*:*:*:*", "matchCriteriaId": "35606AF8-C3F0-4FEA-B54D-CB966824308C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc26:*:*:*:*:*:*", "matchCriteriaId": "F91D03A0-7DB7-4257-9415-C0D87BA2AAF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc27:*:*:*:*:*:*", "matchCriteriaId": "8D05BF28-4806-4D82-843C-FA1B8CED74D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc28:*:*:*:*:*:*", "matchCriteriaId": "8FF35B3D-2CFA-4810-9E15-470EA887D9B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc29:*:*:*:*:*:*", "matchCriteriaId": "0F283221-95BD-4A8E-8865-8AE1399F5876", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "55EEE789-67DB-47D9-892B-1340963E7927", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc30:*:*:*:*:*:*", "matchCriteriaId": "89FFD654-9CA8-4CA3-981A-F0F76EB0F521", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc31:*:*:*:*:*:*", "matchCriteriaId": "A0350F49-CC16-4426-ADCD-7CD4254B6FCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc32:*:*:*:*:*:*", "matchCriteriaId": "CBED485C-5A6F-430A-82CD-8E4920B93FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc33:*:*:*:*:*:*", "matchCriteriaId": "F48FE4FF-8245-4844-99F1-A4F813622A91", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc34:*:*:*:*:*:*", "matchCriteriaId": "ADCBE2AF-442F-47C7-98AA-D9AFDF2DB67F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc35:*:*:*:*:*:*", "matchCriteriaId": "481219B2-3B23-4587-8674-D79ADB187EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc36:*:*:*:*:*:*", "matchCriteriaId": "254199A7-0054-4CAF-A2A9-E8775B1BC023", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc37:*:*:*:*:*:*", "matchCriteriaId": "8125A4F8-2574-49FE-990A-D285E9040D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc38:*:*:*:*:*:*", "matchCriteriaId": "DA41810F-739D-4134-85B2-4C6FD30EEFD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc39:*:*:*:*:*:*", "matchCriteriaId": "04CF572B-5E1F-4F25-8914-37EC89EB8B03", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DAD8E2AF-951F-48EF-90CF-24A5FEB32D67", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc40:*:*:*:*:*:*", "matchCriteriaId": "85665B14-3D55-4156-9D36-BBEAB8A092A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc41:*:*:*:*:*:*", "matchCriteriaId": "4D8677D7-5B12-43D7-9227-5D2631EA3A0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc42:*:*:*:*:*:*", "matchCriteriaId": "CBAEBC81-BA6F-4EE1-B1C8-4BF7078DA100", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc43:*:*:*:*:*:*", "matchCriteriaId": "7488DBEF-3F63-4E82-AB77-AF3CB6B14430", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc44:*:*:*:*:*:*", "matchCriteriaId": "5165C27C-CDE8-43A1-80E6-147D37183299", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc45:*:*:*:*:*:*", "matchCriteriaId": "E5B5898D-FC53-4D07-A5DC-082BA4D8C987", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc46:*:*:*:*:*:*", "matchCriteriaId": "7E0E801F-EC32-4C08-A627-79D731BC2825", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc47:*:*:*:*:*:*", "matchCriteriaId": "DE607124-F29B-436D-976E-DFBEA5EDBF8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc48:*:*:*:*:*:*", "matchCriteriaId": "52E3E8EC-631A-457E-BC07-ED15E915D24E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc49:*:*:*:*:*:*", "matchCriteriaId": "1FDC5AAF-EDDF-4526-AEE9-69EC661BFB9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "53019FA4-DA26-4CFF-A0C4-E57707435E00", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc50:*:*:*:*:*:*", "matchCriteriaId": "981CE199-DC89-4CB7-8FB1-1E552F396DEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc51:*:*:*:*:*:*", "matchCriteriaId": "A62D4B24-C873-4138-A4E9-6B8EBCA3E981", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc52:*:*:*:*:*:*", "matchCriteriaId": "A515AD50-3ECF-4587-8AD5-5D0E2A768A7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc53:*:*:*:*:*:*", "matchCriteriaId": "9C8501C3-2191-42E8-9620-741F74CE2F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc54:*:*:*:*:*:*", "matchCriteriaId": "1E3213CC-91B6-4E7E-9629-A4C565531B30", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc55:*:*:*:*:*:*", "matchCriteriaId": "B1219C97-9DAA-4791-9D18-64D095938434", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc56:*:*:*:*:*:*", "matchCriteriaId": "DFC78640-A1BA-4DB0-B9AF-E34DD95171DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc57:*:*:*:*:*:*", "matchCriteriaId": "2CA01771-E27C-4CB0-8E0B-1CB71A59F6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc58:*:*:*:*:*:*", "matchCriteriaId": "506FE0BF-D988-44A4-A272-3544024A2E78", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc59:*:*:*:*:*:*", "matchCriteriaId": "7DA43EE9-7412-48CA-B1E7-619AA116D427", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "3641DB8D-BE6E-4BF5-8EBC-52C50F0A850A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc60:*:*:*:*:*:*", "matchCriteriaId": "38360D89-4A8C-4909-BB77-AACA5D8BF048", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc61:*:*:*:*:*:*", "matchCriteriaId": "0824EEC4-AFDE-4E8E-B27C-34AA042539C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc62:*:*:*:*:*:*", "matchCriteriaId": "F9C2CE70-41EF-47C5-9715-E42D9A4CA345", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc63:*:*:*:*:*:*", "matchCriteriaId": "C7F3C217-E79A-4BE2-AC4B-3E280CF1162B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc64:*:*:*:*:*:*", "matchCriteriaId": "FEAF4A6A-DF67-4C38-B968-8391BA3B027C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc65:*:*:*:*:*:*", "matchCriteriaId": "45282628-8F29-4BD0-B4FF-3ECD04DC4584", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc66:*:*:*:*:*:*", "matchCriteriaId": "BAC07857-306F-4DF7-B586-330A51F86E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc67:*:*:*:*:*:*", "matchCriteriaId": "D580D844-A230-4D05-AA9B-1B8F785771CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc68:*:*:*:*:*:*", "matchCriteriaId": "AD33F536-BCD9-4205-ABB6-1748F1C04C79", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc69:*:*:*:*:*:*", "matchCriteriaId": "1EC607B1-7205-4C97-B18C-F792F919EB0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "DECC37DB-7DBC-490E-BB4D-F358B8BE04F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc70:*:*:*:*:*:*", "matchCriteriaId": "76050C92-5441-48AD-A662-AF90CD51A093", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc71:*:*:*:*:*:*", "matchCriteriaId": "C60BB748-6DB3-40D6-A2FD-725D38B4D717", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc72:*:*:*:*:*:*", "matchCriteriaId": "10B17B25-3D29-4066-B315-BA5F5D08216F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc73:*:*:*:*:*:*", "matchCriteriaId": "C919D78E-8231-4452-BE4B-56F1D7A53745", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc74:*:*:*:*:*:*", "matchCriteriaId": "4F4DEC50-215A-478D-8A56-CC6896C32E68", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc75:*:*:*:*:*:*", "matchCriteriaId": "075076A9-5171-4F1F-B96E-2E1D4C6D7FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc76:*:*:*:*:*:*", "matchCriteriaId": "83BE0072-2296-46A0-86E2-1BB560F23172", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc77:*:*:*:*:*:*", "matchCriteriaId": "3C4FEF13-459C-48FD-919D-921AA1DA1EE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc78:*:*:*:*:*:*", "matchCriteriaId": "B5FD43BA-F42B-4B0A-9D0D-3284C5037766", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc79:*:*:*:*:*:*", "matchCriteriaId": "B95BF825-ACD4-44DC-AAAD-1564C1EAF827", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "CEE20367-CF2E-4954-ADE0-D56D2B6A0C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc80:*:*:*:*:*:*", "matchCriteriaId": "BA315D47-294C-434F-88E5-A099859C2AA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc81:*:*:*:*:*:*", "matchCriteriaId": "17B7A29B-75D7-476D-A999-CDDF47DF363C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc82:*:*:*:*:*:*", "matchCriteriaId": "CC7498A4-7965-4895-AC92-AFBEDD68A81A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc83:*:*:*:*:*:*", "matchCriteriaId": "1557399D-2549-42F3-8C0D-B35E25C38DF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc84:*:*:*:*:*:*", "matchCriteriaId": "E322CBF0-61C0-419A-8513-FE25F511D259", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc85:*:*:*:*:*:*", "matchCriteriaId": "936AD22D-438D-4500-B677-AFFD19CA0D73", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc86:*:*:*:*:*:*", "matchCriteriaId": "F1AF8FA3-E95F-499A-85C9-D053D5F9F755", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc87:*:*:*:*:*:*", "matchCriteriaId": "BB3A9596-37F2-447A-8F93-B1E1F5E64D74", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc88:*:*:*:*:*:*", "matchCriteriaId": "104A83DA-82FB-4D6A-A544-ACECCD7EA866", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc89:*:*:*:*:*:*", "matchCriteriaId": "DD39FDCA-986D-4DB4-8B39-59AACA80E248", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "15693730-BABE-4703-8E15-1F42DE819913", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc90:*:*:*:*:*:*", "matchCriteriaId": "D568E567-C1A1-4BB7-9FB2-9A7044F7360E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc91:*:*:*:*:*:*", "matchCriteriaId": "9E266EE8-578C-4991-8E53-1A5BEC8A004D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc92:*:*:*:*:*:*", "matchCriteriaId": "D75D7964-98EC-4A71-926B-B6500F852CA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc93:*:*:*:*:*:*", "matchCriteriaId": "85B0990A-6EC6-44F5-AF3E-CB8C85B8F1AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc94:*:*:*:*:*:*", "matchCriteriaId": "4E1EC031-B15E-47A7-97BD-E86D38853F36", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc95:*:*:*:*:*:*", "matchCriteriaId": "614774B4-8A98-41F9-BB9B-603668FDCF36", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc96:*:*:*:*:*:*", "matchCriteriaId": "1442884B-3A8E-4210-9BB2-F34FB37C2C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc97:*:*:*:*:*:*", "matchCriteriaId": "33003367-36D9-4709-B182-9B93615C6F36", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc98:*:*:*:*:*:*", "matchCriteriaId": "1B1C3267-3FBB-4D91-8320-89B07BC7291F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rangerstudio:directus:9.0.0:rc99:*:*:*:*:*:*", "matchCriteriaId": "DCB32D41-1563-40D6-8A59-3E590E10F9B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered."}, {"lang": "es", "value": "En Directus, versiones 9.0.0-alpha.4 hasta 9.4.1 permiten una carga sin restricciones de archivos .html en la funcionalidad media upload, lo que conlleva a una vulnerabilidad de tipo Cross-Site Scripting. Un atacante con pocos privilegios puede subir un archivo HTML dise\u00f1ado como un avatar de perfil, y cuando un administrador u otro usuario lo abre, la carga \u00fatil de tipo XSS es desencadenada"}], "id": "CVE-2022-22117", "lastModified": "2022-01-14T19:31:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "vulnerabilitylab@mend.io", "type": "Primary"}]}, "published": "2022-01-10T16:15:10.120", "references": [{"source": "vulnerabilitylab@mend.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/directus/directus/commit/ec86d5412d45136915d9b622b4a890dd26932b10"}, {"source": "vulnerabilitylab@mend.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22117"}], "sourceIdentifier": "vulnerabilitylab@mend.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "vulnerabilitylab@mend.io", "type": "Primary"}]}

{}