CVE-2023-24278
Published 2023-03-18

CVE-2023-24278: Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.
Priority P336 · medium · CVSS 3.1 base score 6.1
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit
EPSS: 2.93% (85.4th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| squidex.io | squidex | < 7.4.0 | 7.4.0 |
Detection & IOCs (extracted from sources)
- sigma: words ['image/svg+xml'] (response header) with HTTP 200 status on the squid.svg path
- yara: digest 490a0046304402206201a3caa5c435d2ba161bb72b544e691fb1a836297ed2a11405deecfdc19d970220663bf1af18f1b0896d8aa785f2cedb27aa81613b239481240376791e68aad890:922c64590222798bb761d5b6d8e72950
- Probe for XSS by requesting the squid.svg file and checking whether the response Content-Type header is 'image/svg+xml' with HTTP 200; a successful XSS payload would execute alert(document.domain) in the browser context.
- The Nuclei template targets Squidex instances before version 7.4.0; detection should flag responses from the squid.svg endpoint that return Content-Type: image/svg+xml and HTTP 200, indicating the vulnerable SVG file is being served with embedded XSS.
- The vulnerability is version-bounded; only Squidex instances running versions prior to 7.4.0 are affected. Ensure version checks are part of any detection or scanning logic.
No detection rules found.
Nuclei
Squidex <7.4.0 - Cross-Site Scripting
nuclei · CVSS 6.1
CVE-2023-24278 [MEDIUM] Squidex <7.4.0 - Cross-Site Scripting

Template matchers as shown on the page (the request section and the start of the first word matcher are cut off):

```yaml
        Squidex alert(document.domain)"
        - "looking for!"
      condition: and
    - type: word
      part: header
      words:
        - "image/svg+xml"
    - type: status
      status:
        - 200
# digest: 490a0046304402206201a3caa5c435d2ba161bb72b544e691fb1a836297ed2a11405deecfdc19d970220663bf1af18f1b0896d8aa785f2cedb27aa81613b239481240376791e68aad890:922c64590222798bb761d5b6d8e72950
```
References

- https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/
- https://www.openwall.com/lists/oss-security/2023/03/16/1