CVE-2024-54128

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Dec 5, 2024
CWE ID 80

Summary

CVE-2024-54128 is a newly disclosed vulnerability affecting Directus, a real-time API and App dashboard for managing SQL database content. The vulnerability lies in the Comment feature, which relies on a client-side filter to block restricted characters, including HTML tags. This filter can be bypassed, exposing the application to HTML injection attacks. The vulnerability has been fixed in versions 10.13.4 and 11.2.0.
