Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...
CVSS: 9.1
AI Score: 7.5
EPSS: 0.001
Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global...
CVSS: 6.8
AI Score: 5.9
EPSS: 0.0005
Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images is...
CVSS: 5.4
AI Score: 5.4
EPSS: 0.0004
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to...
CVSS: 4.3
AI Score: 4.8
EPSS: 0.001
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to...
CVSS: 6.1
AI Score: 5.7
EPSS: 0.001
CVSS: 6.5
AI Score: 6.5
EPSS: 0.001