CVE-2024-54128

MEDIUM Year: 2024
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-80
View all →

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0.

Related Vulnerabilities

CVE-2024-54001

MEDIUM
CVSS:5.5(Medium)

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date...

CWE-802024

CVE-2024-8680

MEDIUM
CVSS:5.5(Medium)

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitizat...

CWE-802024

CVE-2025-29427

MEDIUM
CVSS:5.9(Medium)

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in profile.php via the member_first and member_last parameters.

CWE-802025

CVE-2025-31575

MEDIUM
CVSS:5.9(Medium)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons allows Stored XSS. This issue affects Flag Icons: from n/a through 2.2.

CWE-802025

CVE-2017-20034

MEDIUM
CVSS:5.4(Medium)

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site...

CWE-802017

CVE-2017-20035

MEDIUM
CVSS:5.4(Medium)

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation...

CWE-802017