2 matches found
CVE-2023-46744 Stored Cross-site Scripting in Squidex
Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting XSS vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficien...
CVE-2023-46744
CVE-2023-46744 concerns a stored XSS in Squidex via SVG asset uploads. The vulnerability arises because the SVG filtering logic (which blocks [removed] and on* attributes) can be bypassed by using elements like with a javascript: URL, allowing an authenticated attacker (with assets.create permis...