How to fix the XSS cross site scripting problem?

System Information
  • Strapi Version: v4.7.1
  • Operating System: MAC
  • Database: MySql
  • Node Version: v14.20.1
  • NPM Version: 6.14.17
  • Yarn Version:

The strapi has an Unrestricted File Upload vulnerability that allows an attacker to successfully upload files containing malicious content to the system and execute. Please assist to fix this.

Thank you for reporting this.
Could you please email us on
We will need some reproduction steps that prove malicious capabilities in this email.

Thank you :slight_smile:

Thank you for your support. :slightly_smiling_face:

I’ve sent reproduction steps email.

Thank you.

1 Like