
8 matches found

EUVD
• added 2025/10/03 8:07 p.m. • 1 views

EUVD-2023-50481

Malicious code in bioql PyPI...

CVSS 6.8 • AI score 6.4 • EPSS 0.00267
Exploits: 1 • References: 1
Prion
• added 2023/11/07 7:15 p.m. • 9 views

Cross site scripting

Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...

CVSS 5.8 • AI score 6.2 • EPSS 0.00267
Exploits: 1 • References: 1 • Affected Software: 1
Vulnrichment
• added 2023/11/07 7:00 p.m. • 8 views

CVE-2023-46252 Cross-Site Scripting (XSS) via postMessage Handler in Squidex

Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...

CVSS 6.8 • AI score 6.1 • EPSS 0.00267
Exploits: 1 • References: 1
Cvelist
• added 2023/11/07 7:00 p.m. • 12 views

CVE-2023-46252 Cross-Site Scripting (XSS) via postMessage Handler in Squidex

Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...

CVSS 6.8 • AI score 6.3 • EPSS 0.00267
Exploits: 1 • References: 1
CNNVD
• added 2023/11/07 12:00 a.m. • 1 views

Squidex Cross-Site Scripting Vulnerability

Squidex is a headless CMS and content management center. A cross-site scripting vulnerability exists in Squidex version 7.8.2, which stems from a lack of origin validation in the postMessage handler, leading to a cross-site scripting (XSS) vulnerability...

CVSS 6.8 • AI score 6 • EPSS 0.00267
Exploits: 1 • References: 2
The Hacker News
• added 2023/06/14 1:41 p.m. • 40 views

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. "The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure...

AI score 6.6
Exploits: 0
Hacker One
• added 2020/11/11 3:09 p.m. • 25 views

Lyst: DOM XSS on http://talks.lystit.com

Description DOM XSS can be achieved via a postMessage due to an insecure postMessage handler being registered. POC 1. Visit https://gamer7112.com/lyst1.html 2. Click the link 3. View alert Vulnerable Code Located at http://talks.lystit.com/data-saloon-presentation/plugin/notes/notes.html javascri...

AI score 0.9
Exploits: 0
Hacker One
• added 2018/10/13 5:28 a.m. • 43 views

Shopify: H1514 DOM XSS on checkout.shopify.com via postMessage handler on /:id/sandbox/google_maps

Description: The /:id/sandbox/googlemaps and /:id/sandbox/googleautocomplete routes on checkout.shopify.com are used to render the Google Map on the "Order Status" page as well as the address prediction on checkout pages. The page performs origin validation on incoming postMessages making sure th...

AI score 0.2
Exploits: 0