CVE-2022-22117

CVSS V2 Low 3.5 CVSS V3 Medium 5.4
Description
In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in the media upload functionality, which leads to Cross-Site Scripting vulnerability. A low privileged attacker can upload a crafted HTML file as a profile avatar, and when an admin or another user opens it, the XSS payload gets triggered.
Overview
  • CVE ID
  • CVE-2022-22117
  • Assigner
  • vulnerabilitylab@mend.io
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-01-10T16:15:10
  • Last Modified Date
  • 2022-01-14T19:31:40
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:rangerstudio:directus:*:*:*:*:*:*:*:* 1 OR 9.0.1 9.4.1
cpe:2.3:a:rangerstudio:directus:9.0.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha10:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha11:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha12:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha13:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha14:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha15:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha16:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha17:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha18:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha19:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha20:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha21:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha22:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha23:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha24:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha25:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha26:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha27:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha31:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha32:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha33:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha34:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha35:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha36:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha37:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha38:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha39:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha4:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha40:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha41:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha42:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha5:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha6:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha7:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha8:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:alpha9:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta0:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta10:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta11:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta12:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta13:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta14:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta5:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta7:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta8:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:beta9:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc0:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc10:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc100:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc101:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc11:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc12:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc13:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc14:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc15:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc17:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc18:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc19:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc20:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc21:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc22:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc23:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc24:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc25:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc26:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc27:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc28:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc29:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc30:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc31:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc32:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc33:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc34:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc35:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc36:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc37:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc38:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc39:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc4:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc40:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc41:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc42:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc43:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc44:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc45:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc46:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc47:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc48:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc49:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc5:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc50:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc51:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc52:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc53:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc54:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc55:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc56:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc57:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc58:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc59:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc6:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc60:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc61:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc62:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc63:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc64:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc65:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc66:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc67:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc68:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc69:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc7:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc70:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc71:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc72:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc73:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc74:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc75:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc76:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc77:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc78:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc79:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc8:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc80:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc81:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc82:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc83:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc84:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc85:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc86:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc87:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc88:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc89:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc9:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc90:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc91:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc92:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc93:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc94:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc95:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc96:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc97:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc98:*:*:*:*:*:* 1 OR
cpe:2.3:a:rangerstudio:directus:9.0.0:rc99:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:S/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 3.5
  • Severity
  • LOW
  • Exploitability Score
  • 6.8
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 5.4
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.3
  • Impact Score
  • 2.7
History
Created Old Value New Value Data Type Notes
2022-05-10 06:37:22 Added to TrackCVE
2022-12-06 06:02:34 2022-01-10T16:15Z 2022-01-10T16:15:10 CVE Published Date updated
2022-12-06 06:02:34 2022-01-14T19:31:40 CVE Modified Date updated
2022-12-06 06:02:34 Analyzed Vulnerability Status updated