Lucene search

Squidex.io Squidex

8 matches found

CVE
added 2023/02/02 12:15 p.m. | 62 views

CVE-2023-0643

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

CVSS 6.1 | AI score 5.9 | EPSS 0.00264

CVE
added 2023/03/18 4:16 a.m. | 52 views

CVE-2023-24278

Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.

CVSS 6.1 | AI score 6 | EPSS 0.48089

CVE
added 2023/02/02 12:15 p.m. | 41 views

CVE-2023-0642

Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.

CVSS 6.8 | AI score 6.6 | EPSS 0.00262

CVE
added 2023/11/07 7:15 p.m. | 41 views

CVE-2023-46252

Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...

CVSS 6.8 | AI score 6 | EPSS 0.00267

CVE
added 2023/07/10 4:15 p.m. | 38 views

CVE-2023-3580

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

CVSS 5.4 | AI score 4.9 | EPSS 0.00087

CVE
added 2023/11/07 6:15 p.m. | 32 views

CVE-2023-46744

Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficien...

CVSS 5.4 | AI score 5.4 | EPSS 0.00155

CVE
added 2023/11/07 7:15 p.m. | 28 views

CVE-2023-46253

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore per...

CVSS 9.1 | AI score 8.7 | EPSS 0.06248

CVE
added 2023/12/07 6:15 a.m. | 20 views

CVE-2023-46857

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploita...

CVSS 5.4 | AI score 5.2 | EPSS 0.00734