CVE-2020-27666

MEDIUM

Strapi < 3.2.5 - Stored Cross-Site Scripting in WYSIWYG Editor Preview

Title source: llm
STIX 2.1

Description

Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.

References (2)

Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/strapi/strapi/releases/tag/v3.2.5
Patch, Third Party Advisory x_refsource_misc
https://github.com/strapi/strapi/pull/8440

Scores

CVSS v3 5.4
EPSS 0.0060
EPSS Percentile 44.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
npm/strapi-plugin-content-manager 0 - 3.2.5npm
strapi/strapi < 3.2.5
Published Oct 22, 2020
Tracked Since Feb 18, 2026