Shodan
Vulnerabilities
Vulnerable Software
Strapi:  >> Strapi  >> 3.0.4  Security Vulnerabilities
CVE-2020-27664
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.
CVSS Score
9.8
EPSS Score
0.013
Published
2020-10-22
CVE-2020-27665
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-10-22
CVE-2020-27666
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-10-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved