CVE-2024-54128 Information

Description

Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters such as HTML tags. However this filter operates on the client-side which can be bypassed making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0.

Reference

https://github.com/directus/directus/security/advisories/GHSA-r6wx-627v-gh2f