{"vulnerability": "cve-2024-6534", "sightings": [{"uuid": "9c7ffca5-65dd-48d7-b9e3-60bc4bcc10bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6534", "type": "seen", "source": "https://t.me/cvedetector/3224", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-6533 - Directus Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-6533 \nPublished : Aug. 15, 2024, 3:15 a.m. | 34\u00a0minutes ago \nDescription : Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T05:56:35.000000Z"}, {"uuid": "1358149b-3b78-4971-9694-40e6d083359f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-6534", "type": "seen", "source": "https://t.me/cvedetector/3228", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-6534 - Directus Preset Assignment Privilege Escalation Stored Cross-Site Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-6534 \nPublished : Aug. 15, 2024, 4:15 a.m. | 24\u00a0minutes ago \nDescription : Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets'\u00a0request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T06:46:45.000000Z"}]}