5 matches found
CVE-2023-24278
Squidex before 7.4.0 has a cross-site scripting (XSS) vulnerability via the squid.svg endpoint. The issue arises from unsanitized input in the SVG generated by the endpoint, enabling an attacker to potentially obtain sensitive information, modify data, or perform unauthorized admin operations in ...
CVE-2023-0643
CVE-2023-0643 affects squidex/squidex prior to 7.4.0. The issue is described as improper handling of an additional special element in the GitHub repository, enabling potential HTML injection in activity-related contexts (as per CNNVD/Red Hat/NVD family entries). The vulnerability impact is framed...
CVE-2023-0642
CVE-2023-0642 affects squidex/squidex prior to version 7.4.0 and is a Cross-Site Request Forgery (CSRF) vulnerability. The root cause, as described in connected sources, is a lack of proper CSRF token verification, allowing an attacker to induce authenticated users to perform unintended actions. ...
CVE-2023-3580
The CVE-2023-3580 entry concerns the Squidex project (squidex/squidex) prior to version 7.4.0. The underlying issue is described as improper handling of an additional special element in the repository, leading to a MEDIUM impact vulnerability (per NVD/SECURITY METRICS). Affected component is the ...
CVE-2023-46857
Squidex Headless CMS is affected: versions before 7.9.0 suffer an XSS via an SVG document in the Upload Assets feature due to an incomplete blacklist in the SVG inspection. The attack requires the attacker to have assets.create permission and is possible through the SRC attribute of an IFRAME in ...