CVE-2023-24278
published 2023-03-18

CVE-2023-24278: Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.

Priority: P3 (36) · CVSS 3.1: 6.1 medium
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: EXPLOIT
EPSS: 2.93% (85.4th percentile)

Affected

1 range

Vendor       Product   Version range   Fixed in
squidex.io   squidex   < 7.4.0         7.4.0

Detection & IOCs (extracted from sources)

path: squid.svg
sigma
words: ['image/svg+xml'] (response header) with HTTP 200 status on squid.svg path
yara
digest: 490a0046304402206201a3caa5c435d2ba161bb72b544e691fb1a836297ed2a11405deecfdc19d970220663bf1af18f1b0896d8aa785f2cedb27aa81613b239481240376791e68aad890:922c64590222798bb761d5b6d8e72950
  • Probe for XSS by requesting the squid.svg file and checking if the response Content-Type header is 'image/svg+xml' with HTTP 200; a successful XSS payload would execute alert(document.domain) in the browser context.
  • The Nuclei template targets Squidex instances before version 7.4.0; detection should flag responses to the squid.svg endpoint that return Content-Type: image/svg+xml and HTTP 200, indicating the vulnerable SVG file is being served with embedded XSS.
  • The vulnerability is version-bounded; only Squidex instances running versions prior to 7.4.0 are affected. Ensure version checks are part of any detection or scanning logic.