GHSA-9qrm-48qf-r2rw: Directus has a DOM-Based cross-site scripting (XSS) via layout_options

GHSA-pmf4-v838-29hg: Directus allows privilege escalation using Share feature

GHSA-vp47-9734-prjw: ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape

GHSA-27c6-mcxv-x3fh: Unlimited consumption of resources in @fastify/multipart

GHSA-74j9-xhqr-6qv3: Reflected Cross Site Scripting (XSS) in error message

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.

**Reflected Cross Site Scripting (XSS) in error message**

Low severity GitHub Reviewed Published Jan 23, 2025 to the GitHub Advisory Database • Updated Jan 23, 2025

Headline

GHSA-74j9-xhqr-6qv3: Reflected Cross Site Scripting (XSS) in error message

ghsa: Latest News