Squidex Security Vulnerabilities and Issues — Squidex CVE List

Lucene search

Squidex.ioSquidex

3 matches found

CVE•added 2023/07/10 4:15 p.m.•38 views

CVE-2023-3580

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

5.4CVSS4.9AI score0.00087EPSS

CVE•added 2023/11/07 6:15 p.m.•32 views

CVE-2023-46744

Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficien...

5.4CVSS5.4AI score0.00155EPSS

CVE•added 2023/12/07 6:15 a.m.•20 views

CVE-2023-46857

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploita...

5.4CVSS5.2AI score0.00734EPSS