CVE-2023-46252
Squidex (open-source headless CMS) contains an XSS vulnerability in a postMessage handler due to missing origin verification. The editor-sdk.js defines classes (SquidexSidebar, SquidexWidget, SquidexFormField) that use a global message listener; when a message of type valueChanged is received, th...