Vulnerability Details CVE-2024-6533
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.5%
CVSS Severity
CVSS v3 Score 5.4