CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13961

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.1%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2020-13961

Strapi » Strapi » Version: N/A

cpe:2.3:a:strapi:strapi:-
Strapi » Strapi » Version: 0.0.1

cpe:2.3:a:strapi:strapi:0.0.1
Strapi » Strapi » Version: 0.0.2

cpe:2.3:a:strapi:strapi:0.0.2
Strapi » Strapi » Version: 0.0.3

cpe:2.3:a:strapi:strapi:0.0.3
Strapi » Strapi » Version: 0.0.4

cpe:2.3:a:strapi:strapi:0.0.4
Strapi » Strapi » Version: 0.0.5

cpe:2.3:a:strapi:strapi:0.0.5
Strapi » Strapi » Version: 0.0.6

cpe:2.3:a:strapi:strapi:0.0.6
Strapi » Strapi » Version: 0.0.7

cpe:2.3:a:strapi:strapi:0.0.7
Strapi » Strapi » Version: 0.12.0

cpe:2.3:a:strapi:strapi:0.12.0
Strapi » Strapi » Version: 0.12.1

cpe:2.3:a:strapi:strapi:0.12.1
Strapi » Strapi » Version: 0.12.2

cpe:2.3:a:strapi:strapi:0.12.2
Strapi » Strapi » Version: 0.12.3

cpe:2.3:a:strapi:strapi:0.12.3
Strapi » Strapi » Version: 0.12.4

cpe:2.3:a:strapi:strapi:0.12.4
Strapi » Strapi » Version: 1.0.0

cpe:2.3:a:strapi:strapi:1.0.0
Strapi » Strapi » Version: 1.0.1

cpe:2.3:a:strapi:strapi:1.0.1
Strapi » Strapi » Version: 1.0.2

cpe:2.3:a:strapi:strapi:1.0.2
Strapi » Strapi » Version: 1.0.3

cpe:2.3:a:strapi:strapi:1.0.3
Strapi » Strapi » Version: 1.0.4

cpe:2.3:a:strapi:strapi:1.0.4
Strapi » Strapi » Version: 1.0.5

cpe:2.3:a:strapi:strapi:1.0.5
Strapi » Strapi » Version: 1.0.6

cpe:2.3:a:strapi:strapi:1.0.6
Strapi » Strapi » Version: 1.1.0

cpe:2.3:a:strapi:strapi:1.1.0
Strapi » Strapi » Version: 1.2.0

cpe:2.3:a:strapi:strapi:1.2.0
Strapi » Strapi » Version: 1.3.0

cpe:2.3:a:strapi:strapi:1.3.0
Strapi » Strapi » Version: 1.3.1

cpe:2.3:a:strapi:strapi:1.3.1
Strapi » Strapi » Version: 1.4.0

cpe:2.3:a:strapi:strapi:1.4.0
Strapi » Strapi » Version: 1.4.1

cpe:2.3:a:strapi:strapi:1.4.1
Strapi » Strapi » Version: 1.5.0

cpe:2.3:a:strapi:strapi:1.5.0
Strapi » Strapi » Version: 1.5.1

cpe:2.3:a:strapi:strapi:1.5.1
Strapi » Strapi » Version: 1.5.2

cpe:2.3:a:strapi:strapi:1.5.2
Strapi » Strapi » Version: 1.5.3

cpe:2.3:a:strapi:strapi:1.5.3
Strapi » Strapi » Version: 1.5.4

cpe:2.3:a:strapi:strapi:1.5.4
Strapi » Strapi » Version: 1.5.7

cpe:2.3:a:strapi:strapi:1.5.7
Strapi » Strapi » Version: 1.6.0

cpe:2.3:a:strapi:strapi:1.6.0
Strapi » Strapi » Version: 1.6.1

cpe:2.3:a:strapi:strapi:1.6.1
Strapi » Strapi » Version: 1.6.2

cpe:2.3:a:strapi:strapi:1.6.2
Strapi » Strapi » Version: 1.6.3

cpe:2.3:a:strapi:strapi:1.6.3
Strapi » Strapi » Version: 1.6.4

cpe:2.3:a:strapi:strapi:1.6.4
Strapi » Strapi » Version: 3.0.0

cpe:2.3:a:strapi:strapi:3.0.0
Strapi » Strapi » Version: 3.0.1

cpe:2.3:a:strapi:strapi:3.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13961

Products

Pricing

Contact Us