EUVD-2023-51023
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview Squidex.ClientLibrary is a client library for Squidex Headless CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to an incomplete blacklist in the SVG inspection process. An attacker can inject malicious JavaScript via the SRC attribute of an IFRAME elemen...
CVE-2023-46857
Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for...
CVE-2023-46857
Squidex Headless CMS is affected: versions before 7.9.0 suffer an XSS via an SVG document in the Upload Assets feature due to an incomplete blacklist in the SVG inspection. The attack requires the attacker to have assets.create permission and is possible through the SRC attribute of an IFRAME in ...