VYPR
Unrated severityNVD Advisory· Published Aug 15, 2024· Updated May 19, 2025

Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options

CVE-2024-6533

Description

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Monospace/Directusllm-fuzzy2 versions
    = 10.13.0+ 1 more
    • (no CPE)range: = 10.13.0
    • (no CPE)range: 10.13.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.