) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Keyword (text search): cpe:2.3:a:strapi:strapi:3.0.0:alpha.7.2:*:*:*:*:*:*
- CPE Name Search: true
There are 21 matching records.
Displaying matches 21 through 21.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-13961 |
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. Published: June 19, 2020; 1:15:14 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |