Security Advisory

CVE-2024-6533

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-15 03:04:08

Last updated 2025-05-19 17:56:31

Assigner Fluid Attacks

State PUBLISHED

Description

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.

← Browse all CVEs View on cve.org ↗