Articles with tag: Stored Xss
POSTED BY: Charalampos Maraziaris / 08.11.2023

Weak SVG asset filtering mechanism in Squidex

CVE ID:CVE-2023-46857
Affected Products:Squidex versions prior to 7.9.0
Class:Improper Neutralization of Input During Web Page Generation (CWE-79)
References:GitHub Security Advisory
Discovered by:Charalampos Maraziaris

CENSUS has discovered a stored cross site scripting (XSS) vulnerability in the Squidex "headless" open source CMS framework. The vulnerability affects all versions of Squidex prior to 7.9.0 and enables privilege escalation affecting authenticated victim users. The Squidex development team has addressed the issue in version 7.9.0 of the software.