Articles with tag: Code Injection
POSTED BY: Ioannis Christodoulakos / 16.03.2023

Reflected XSS vulnerabilities in Squidex "/squid.svg" endpoint

CVE ID:CVE-2023-24278
Affected Products:Squidex versions prior to 7.4.0
Class:Improper Neutralization of Input During Web Page Generation (CWE-79)
Discovered by:Ioannis Christodoulakos

CENSUS has discovered two reflected cross site scripting (XSS) vulnerabilities in the Squidex open source headless CMS software. The Reflected Cross Site Scripting vulnerabilities affect all versions of Squidex prior to 7.4.0 and affect both authenticated and unauthenticated victim users. The Squidex development team has addressed the issues in version 7.4.0 of the software.

POSTED BY: John Torakis / 02.10.2017

e2openplugin OpenWebif saveConfig remote code execution

CVE ID:CVE-2017-9807
Affected Products:e2openplugin OpenWebif (versions 0.2.9-1.2.4)
Class:Improper control of generation of code ('Code Injection') (CWE-94)
Discovered by:John Torakis

OpenWebif is a Web application that is used in IP TVs and media boxes to provide an easy-to-use Web Interface. It is written mostly in Python (Backend) and JavaScript (Frontend). It can be found in DreamBox devices.