Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature implements a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates only on the client side, so it can be bypassed by a client that submits to the API directly, making the application vulnerable to HTML Injection. This vulnerability is fixed in 10.13.4 and 11.2.0.
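An added example, not Directus's own code, illustrating the principle behind the fix: the restricted-character rule has to be enforced on the server, where a browser-side check cannot be skipped, with output escaping as a second layer. The names `validateCommentBody`, `escapeHtml` and `handleCreateComment` and the sample inputs are hypothetical.

```javascript
// Added example (not Directus code): the comment restriction applied on the
// server, where it holds for every client, including one that bypasses the UI.

// Characters the hypothetical comment filter disallows (mirrors an HTML-tag filter).
const RESTRICTED = /[<>]/;

// Server-side validation: reject a comment body containing restricted characters.
function validateCommentBody(body) {
  if (typeof body !== 'string') return { ok: false, reason: 'body must be a string' };
  if (RESTRICTED.test(body)) return { ok: false, reason: 'restricted characters' };
  return { ok: true };
}

// Defence in depth: escape HTML-significant characters before rendering, so a
// value that slipped past validation is displayed as text, not interpreted as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Simulated API handler: validation runs here, independent of any client-side check.
function handleCreateComment(requestBody) {
  const result = validateCommentBody(requestBody.comment);
  if (!result.ok) return { status: 400, error: result.reason };
  return { status: 200, rendered: escapeHtml(requestBody.comment) };
}

// Constructed sample requests (not real traffic).
const benignRequest = { comment: 'Looks good to me' };
const taggedRequest = { comment: 'hello <b>bold</b>' };
```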
Reserved 2024-11-29 | Published 2024-12-05 | Updated 2024-12-06 | Assigner GitHub_M
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
github.com/...rectus/security/advisories/GHSA-r6wx-627v-gh2f