Total: 16 CVE IDs
- 2024/01/22: CVE-2024-23782
  - CWE-79: Cross-site Scripting
  - CVSS: 5.4 Medium
- 2024/01/22: CVE-2024-23348
  - CWE-20: Improper Input Validation
  - CVSS: 5.4 Medium
- 2023/09/30: CVE-2023-5318
  - CWE-798: Use of Hard-coded Credentials
  - CVSS: 7.5 High
- 2023/08/30: CVE-2023-4624
  - CWE-918: Server-Side Request Forgery
  - CVSS: 2.4 Low
- 2023/08/06: CVE-2023-4187
  - CWE-79: Cross-site Scripting
  - CVSS: 4.8 Medium
- 2023/07/28: CVE-2023-3982
  - CWE-79: Cross-site Scripting
  - CVSS: 4.8 Medium
- 2023/07/28: CVE-2023-3981
  - CWE-918: Server-Side Request Forgery
  - CVSS: 4.9 Medium
- 2023/07/28: CVE-2023-3980
  - CWE-79: Cross-site Scripting
  - CVSS: 4.8 Medium
- 2023/07/26: ⭐︎ CVE-2023-38507
  - CWE-307: Improper Rate Limiting
  - CVSS: 9.8 Critical
- 2023/07/08: ⭐︎ CVE-2023-37270
  - CWE-89: SQL Injection
  - CVSS: 8.8 High
- 2023/07/06: CVE-2023-3521
  - CWE-79: Cross-site Scripting
  - CVSS: 6.1 Medium
- 2023/06/28: CVE-2023-3445
  - CWE-79: Cross-site Scripting
  - CVSS: 4.8 Medium
- 2023/06/14: ⭐︎ CVE-2023-34251
  - CWE-94: Code Injection
  - CVSS: 7.2 High
- 2023/06/13: CVE-2023-34247
  - CWE-601: Open Redirect
  - CVSS: 4.1 Medium
- 2022/09/01: CVE-2022-3072
  - CWE-79: Cross-site Scripting
  - CVSS: 5.4 Medium
- 2022/05/13: ⭐︎ CVE-2022-29894
  - CWE-79: Cross-site Scripting
  - CVSS: 4.8 Medium
Blog
- Strapi’s official blog: Security Disclosure of Vulnerabilities: CVE-2023-38507
- Penetration Testing blog: CVE-2023-34251: Grav CMS Remote Code Execution Vulnerability