CVE-2024-54128
Published: 2024-12-05
Priority: P4 (23) · Severity: medium · CVSS 3.1 base score: 4.6
CVSS vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.34% (25.7th percentile)
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulnerability is fixed in 10.13.4 and 11.2.0.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| directus | app | >= 11.0.0 < 13.3.1 | 13.3.1 |
| directus | directus | — | — |
| directus | directus | — | — |
| directus | directus | >= 10.10.0 < 10.13.4 | 10.13.4 |
| directus | directus | >= 11.0.0-rc.1 < 11.2.2 | 11.2.2 |
| monospace | directus | >= 10.10.0 < 10.13.4 | 10.13.4 |
| monospace | directus | >= 11.0.0 < 11.2.2 | 11.2.2 |
OSV · 2024-12-05
CVE-2024-54128 [MEDIUM] Directus has an HTML Injection in Comment
### Summary
The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection.
### Details
The Comment feature implements its character filter on the client side only, so it can be bypassed by sending a request directly to the endpoint.
Example Request:
```http
PATCH /activity/comment/3 HTTP/2
Host: directus.local

{
  "comment": "TEST HTML INJECTION Test Link"
}
```
Example Response:
```json
{
  "data": {
    "id": 3,
    "action": "comment",
    "user": "288fdccc-399a-40a1-ac63-811bf62e6a18",
    "timestamp": "2023-09-06T02:23:40.740Z",
    "ip": "10.42.0.1",
    "user_agent": "Mozilla/5.0 (Windows NT 10.0;
```
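The root cause above is a filter that exists only in the browser. The following is an added illustration, not Directus's own code, of the server-side counterpart such an endpoint needs: the same restricted-character check applied inside the request handler (so a direct PATCH is checked too), plus HTML escaping at render time as defence in depth. All names (`RESTRICTED`, `validateComment`, `escapeHtml`, `handleCommentPatch`) are hypothetical.

```javascript
// Added illustration, not Directus code: the server-side check that a
// client-only filter lacks. Every name here is hypothetical.

// Characters the (hypothetical) client-side comment filter refuses.
const RESTRICTED = /[<>]/;

// Server-side counterpart of the client filter. Because it runs in the
// request handler, a PATCH sent straight to the endpoint is checked too.
function validateComment(comment) {
  if (typeof comment !== 'string') {
    return { ok: false, reason: 'comment must be a string' };
  }
  if (RESTRICTED.test(comment)) {
    return { ok: false, reason: 'comment contains restricted characters' };
  }
  return { ok: true };
}

// Defence in depth: whatever is stored is still escaped when rendered,
// so a future gap in validation does not turn into markup in the UI.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Hypothetical handler for PATCH /activity/comment/:id. `body` is the
// parsed JSON payload; returns the HTTP status and response body.
function handleCommentPatch(body) {
  const verdict = validateComment(body && body.comment);
  if (!verdict.ok) {
    return { status: 400, body: { errors: [{ message: verdict.reason }] } };
  }
  return { status: 200, body: { data: { comment: body.comment } } };
}

// Constructed sample payloads: one plain comment, one carrying markup.
console.log(handleCommentPatch({ comment: 'Test Link' }).status);   // 200
console.log(handleCommentPatch({ comment: '<b>Test</b>' }).status); // 400
```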
GHSA · 2024-12-05
CVE-2024-54128 [MEDIUM] CWE-80 Directus has an HTML Injection in Comment
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.