Strapi @strapi/plugin-users-permissions Stored XSS in Activities Module

github.com 2026-04-03查看中文 →

Security AdvisoryMediumStrapi

Affected:

Strapi

Fixed in:

v4.10.0

Referenced CVEs: CVE-2026-5370 · 3.5

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

SQL Injection in Online Hospital Management System login_1.php 2026-06-01 SQLi Vulnerability in Online Hospital Management System V1.0 (appointmentdetail.php) with POC 2026-06-01 AstroBot Local Skill Prompt Injection Vulnerability Analysis 2026-06-01 AstrBot Arbitrary File Write via Path-Authorization Mismatch in astrbot_file_write_tool 2026-06-01 D-Link DI-8400 /dbsrv.asp Buffer Overflow Vulnerability 2026-06-01

Offline Archive

Offline screenshot & PDF are Pro-exclusive