CNNVD-202511-1531 Information
CNNVD ID
CNNVD-202511-1531
Related CVE
- CNNVD Published: 2025-11-13
Description (Chinese)
Directus是Directus开源的一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 11.13.0之前版本存在跨站脚本漏洞,该漏洞源于Block Editor接口存在存储型跨站脚本漏洞,可能导致持久性XSS攻击。
Description (English)
Directus is a real-time Api and application dashboard from Directus open source. To manage Sql database content. Prior to Directus 11.13.0, there was a cross-site script loophole, which stemmed from the storage-type cross-site script gap at the Block Editor interface, which could lead to a persistent XSS attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Directus
Published
2025-11-13
Last Modified
2026-02-24
References
https://github.com/directus/directus/commit/d23525317f0780f04aa1fe7a99171a358e43cb2e https://github.com/directus/directus/security/advisories/GHSA-vv2v-pw69-8crf https://access.redhat.com/security/cve/cve-2025-64747
Patch
https://github.com/directus/directus/releases
Share on: