Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
CVSS 6.1 | AI Score 5.7 | EPSS 0.001
Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.
CVSS 6.1 | AI Score 6 | EPSS 0.002
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
CVSS 4.3 | AI Score 4.8 | EPSS 0.001
Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...
CVSS 6.8 | AI Score 5.9 | EPSS 0.0005
Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore per...
CVSS 9.1 | AI Score 7.5 | EPSS 0.001
Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficien...
CVSS 5.4 | AI Score 5.4 | EPSS 0.0004
Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploita...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001