CVE-2022-29894: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege.
References
Detect and mitigate CVE-2022-29894 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →