Articles with tag: Svg
POSTED BY:
Charalampos Maraziaris
/
08.11.2023
Weak SVG asset filtering mechanism in Squidex
| CENSUS ID: | CENSUS-2023-0004 |
| CVE ID: | CVE-2023-46857 |
| Affected Products: | Squidex versions prior to 7.9.0 |
| Class: | Improper Neutralization of Input During Web Page Generation (CWE-79) |
| References: | GitHub Security Advisory |
| Discovered by: | Charalampos Maraziaris |
CENSUS has discovered a stored cross site scripting (XSS) vulnerability in the Squidex "headless" open source CMS framework. The vulnerability affects all versions of Squidex prior to 7.9.0 and enables privilege escalation affecting authenticated victim users. The Squidex development team has addressed the issue in version 7.9.0 of the software.
POSTED BY:
Ioannis Christodoulakos
/
16.03.2023
Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint
| CENSUS ID: | CENSUS-2023-0001 |
| CVE ID: | CVE-2023-24278 |
| Affected Products: | Squidex versions prior to 7.4.0 |
| Class: | Improper Neutralization of Input During Web Page Generation (CWE-79) |
| Discovered by: | Ioannis Christodoulakos |
CENSUS has discovered two reflected cross site scripting (XSS) vulnerabilities in the Squidex open source headless CMS software. The Reflected Cross Site Scripting vulnerabilities affect all versions of Squidex prior to 7.4.0 and affect both authenticated and unauthenticated victim users. The Squidex development team has addressed the issues in version 7.4.0 of the software.