Lucene search
K

5 matches found

CVE
CVE
added 2023/03/18 12:0 a.m.78 views

CVE-2023-24278

Squidex before 7.4.0 has a cross-site scripting (XSS) vulnerability via the squid.svg endpoint. The issue arises from unsanitized input in the SVG generated by the endpoint, enabling an attacker to potentially obtain sensitive information, modify data, or perform unauthorized admin operations in ...

6.1CVSS6AI score0.02908EPSS
Web
CVE
CVE
added 2023/02/02 12:0 a.m.75 views

CVE-2023-0643

CVE-2023-0643 affects squidex/squidex prior to 7.4.0. The issue is described as improper handling of an additional special element in the GitHub repository, enabling potential HTML injection in activity-related contexts (as per CNNVD/Red Hat/NVD family entries). The vulnerability impact is framed...

6.1CVSS5.9AI score0.0058EPSS
CVE
CVE
added 2023/02/02 12:0 a.m.53 views

CVE-2023-0642

CVE-2023-0642 affects squidex/squidex prior to version 7.4.0 and is a Cross-Site Request Forgery (CSRF) vulnerability. The root cause, as described in connected sources, is a lack of proper CSRF token verification, allowing an attacker to induce authenticated users to perform unintended actions. ...

6.8CVSS6.6AI score0.00412EPSS
CVE
CVE
added 2023/07/10 11:38 a.m.53 views

CVE-2023-3580

The CVE-2023-3580 entry concerns the Squidex project (squidex/squidex) prior to version 7.4.0. The underlying issue is described as improper handling of an additional special element in the repository, leading to a MEDIUM impact vulnerability (per NVD/SECURITY METRICS). Affected component is the ...

5.4CVSS4.9AI score0.00619EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.29 views

CVE-2023-46857

Squidex Headless CMS is affected: versions before 7.9.0 suffer an XSS via an SVG document in the Upload Assets feature due to an incomplete blacklist in the SVG inspection. The attack requires the attacker to have assets.create permission and is possible through the SRC attribute of an IFRAME in ...

5.4CVSS5.2AI score0.00569EPSS