Squidex.Io Squidex vulnerabilities
9 known vulnerabilities affecting squidex.io/squidex.
Total CVEs: 9
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 7
Vulnerabilities
Entry format: CVE | rating as listed (P3/P4) | severity | CVSS base score | version note as listed ("fixed in", "≤" for affected up to and including, or a bare version) | date
CVE-2023-24278 | P3 | MEDIUM | CVSS 6.1 | public PoC | fixed in 7.4.0 | 2023-03-18
CWE-79 (cross-site scripting). Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.
Source: nvd
CVE-2026-24736 | P3 | HIGH | CVSS 8.8 | ≤ 7.21.0 | 2026-01-27
CWE-918 (server-side request forgery). Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restrict destination IP addresses. It accepts local addresses
Source: nvd
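The check the entry above says is missing, as an added example that is not Squidex code: before a webhook destination is saved, the scheme is restricted to http(s), embedded credentials are refused, the host is resolved, and every resulting address is rejected unless it is globally routable. The hostnames, addresses and the table-backed resolver are constructed for the example; the real check would use the operating-system resolver (`system_resolver` below).

```python
import ipaddress
import socket
from typing import Callable, List, Tuple, Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def is_public_address(ip: IPAddr) -> bool:
    """True only for globally routable unicast addresses.
    IPv4-mapped IPv6 (::ffff:10.0.0.5) is unwrapped first so it cannot
    sidestep the IPv4 rules; the explicit flags cover RFC 1918, loopback,
    link-local (including 169.254.169.254), multicast and reserved space."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_unspecified or ip.is_reserved
    )


def system_resolver(host: str) -> List[str]:
    """Resolve with the OS resolver; returns A and AAAA answers as strings."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_webhook_url(url: str,
                      resolve: Callable[[str], List[str]] = system_resolver) -> Tuple[bool, str]:
    """Return (accepted, reason) for a webhook destination supplied by a rule author."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} is not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in the URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    try:
        addresses = [ipaddress.ip_address(host)]        # literal IP, including [::1]
    except ValueError:
        try:
            addresses = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError) as exc:
            return False, f"cannot resolve {host!r}: {exc}"
    if not addresses:
        return False, f"no addresses for {host!r}"
    for ip in addresses:                               # every answer must pass
        if not is_public_address(ip):
            return False, f"{host!r} points at non-public address {ip}"
    return True, "ok"


# Constructed DNS table for offline use (hypothetical names and records).
CONSTRUCTED_DNS = {
    "hooks.example": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "0x7f000001": ["127.0.0.1"],                  # hex literal most libc resolvers accept as loopback
    "rebind.example": ["93.184.216.34", "10.0.0.5"],  # mixed public/internal answers
}


def constructed_resolver(host: str) -> List[str]:
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver: unknown host {host}")


if __name__ == "__main__":
    for candidate in ("https://hooks.example/rule", "http://127.0.0.1:8080/",
                      "http://169.254.169.254/latest/meta-data/", "http://0x7f000001/",
                      "http://[::ffff:10.0.0.5]/", "http://rebind.example/"):
        print(candidate, check_webhook_url(candidate, constructed_resolver))
```

This is a pre-flight check only. Because DNS can change between validation and delivery (rebinding), the HTTP client that fires the webhook must connect to the vetted address rather than re-resolving, and must run the same check on every redirect target.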
CVE-2023-46253 | P3 | HIGH | CVSS 7.2 | v7.8.2 | 2023-11-07
CWE-22 (path traversal). Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the `squidex.admin.restore` permission to create and restore backups. Part of these b
Source: nvd
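The class of bug in the entry above is archive path traversal ("zip slip"): an entry named `../../etc/cron.d/evil` inside a backup is written relative to the restore directory and lands outside it. The following is an added example, not Squidex's restore code, of how a restore routine should vet every member name before writing: absolute paths, drive letters, `..` segments and backslash separators are refused, and the final target is resolved with `realpath` and required to stay under the restore root. The archive contents are constructed for the example.

```python
import io
import os
import tempfile
import zipfile
from typing import Dict, List, Optional, Tuple


def resolve_member_path(root: str, member_name: str) -> Optional[str]:
    """Absolute path a member may be written to, or None if the name would
    escape `root` (absolute path, drive letter, '..' segment, or a symlink
    already planted under root that points elsewhere)."""
    name = member_name.replace("\\", "/")          # some archivers emit backslashes
    if not name or "\x00" in name:
        return None
    # splitdrive only catches 'C:...' on Windows; the leading-slash test is portable
    if name.startswith("/") or os.path.splitdrive(name)[0]:
        return None
    segments = name.split("/")
    if any(seg == ".." for seg in segments):
        return None
    root_real = os.path.realpath(root)
    # realpath follows symlinks that already exist under root, so a link
    # planted by an earlier member cannot redirect this write outside root
    target = os.path.realpath(os.path.join(root_real, *segments))
    try:
        inside = os.path.commonpath([root_real, target]) == root_real
    except ValueError:                             # different drives on Windows
        inside = False
    if not inside or target == root_real:
        return None
    return target


def extract_backup(archive: bytes, root: str) -> Tuple[List[str], List[str]]:
    """Extract only members whose vetted target lies under root.
    Returns (extracted member names, rejected member names)."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = resolve_member_path(root, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def build_constructed_backup() -> bytes:
    """Constructed archive: one legitimate member and three traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("content/a.json", '{"id": 1}')
        zf.writestr("../../etc/cron.d/evil", "* * * * * root id > /tmp/pwned\n")
        zf.writestr("/etc/passwd", "root::0:0::/:/bin/sh\n")
        zf.writestr("assets\\..\\..\\planted.txt", "x")
    return buf.getvalue()


def run_demo() -> Dict[str, List[str]]:
    """Restore the constructed backup into a scratch directory and report
    what was extracted, what was rejected, and what actually exists on disk."""
    with tempfile.TemporaryDirectory() as root:
        extracted, rejected = extract_backup(build_constructed_backup(), root)
        on_disk = []
        for dirpath, _, files in os.walk(root):
            for f in files:
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                on_disk.append(rel.replace(os.sep, "/"))
    return {"extracted": extracted, "rejected": rejected, "on_disk": sorted(on_disk)}


if __name__ == "__main__":
    print(run_demo())
```

Rejecting a bad member is preferable to "sanitising" its name (stripping `../` and continuing): a backup that contains traversal entries is hostile by construction, and the restore should fail closed and log the offending name.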
CVE-2023-46744 | P4 | MEDIUM | CVSS 5.4 | ≤ 7.8.2 | 2023-11-07
CWE-79 (cross-site scripting). Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images is insufficient, resulting in stored XSS attacks. Squidex allows the
Source: nvd
CVE-2023-0642 | P4 | MEDIUM | CVSS 6.5 | fixed in 7.4.0 | 2023-02-02
CWE-352 (cross-site request forgery). Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.
Source: nvd
CVE-2023-46857 | P4 | MEDIUM | CVSS 5.4 | fixed in 7.9.0 | 2023-12-07
CWE-79 (cross-site scripting). Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attacker with assets.create permission is required for exploitation.
Source: nvd
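Three of the entries on this page (CVE-2023-24278, CVE-2023-46744 and CVE-2023-46857) are the same failure mode: an SVG upload filter that enumerates known-bad markup and misses a variant. The following added example, written for this page and not taken from Squidex's inspection code, puts a denylist filter of that kind next to an allowlist filter and runs both over constructed SVG documents. The denylist knows about `<script>`, `on*` handlers and `javascript:` in `href`, so it lets an `<iframe src="javascript:...">` through, which is the gap CVE-2023-46857 describes; the allowlist refuses any element or reference it was not told to accept. The element and attribute sets are the example's own choices, not a complete SVG profile.

```python
import xml.etree.ElementTree as ET
from typing import Tuple

# xml.etree keeps the example standard-library only; untrusted XML in
# production should be parsed with defusedxml (entity expansion, DTD tricks).

SVG_NS = "http://www.w3.org/2000/svg"


def _split(qname: str) -> Tuple[str, str]:
    """'{ns}local' -> (ns, local); 'local' -> ('', local)."""
    if qname.startswith("{"):
        ns, local = qname[1:].split("}", 1)
        return ns, local
    return "", qname


def blocklist_inspect(svg: bytes) -> bool:
    """Denylist filter in the style the advisories call insufficient.
    Rejects <script>, on* attributes and javascript: in href; every other
    element and attribute (foreignObject, iframe, src, ...) is passed through."""
    root = ET.fromstring(svg)
    for el in root.iter():
        _, local = _split(el.tag)
        if local.lower() == "script":
            return False
        for name, value in el.attrib.items():
            _, aname = _split(name)
            aname = aname.lower()
            if aname.startswith("on"):
                return False
            if aname == "href" and value.strip().lower().startswith("javascript:"):
                return False
    return True


# Allowlist chosen for this example: shapes, text, gradients, clipping, links.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "symbol", "title", "desc", "use", "a",
    "path", "rect", "circle", "ellipse", "line", "polyline", "polygon",
    "text", "tspan", "linearGradient", "radialGradient", "stop", "clipPath", "mask",
}
REFERENCE_ATTRS = {"href", "src"}   # URL-carrying attributes, whatever their prefix


def allowlist_inspect(svg: bytes) -> Tuple[bool, str]:
    """Accept only SVG-namespace elements from ALLOWED_ELEMENTS, no event
    handlers, and only same-document (#id) references."""
    try:
        root = ET.fromstring(svg)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    for el in root.iter():
        ns, local = _split(el.tag)
        if ns != SVG_NS or local not in ALLOWED_ELEMENTS:
            return False, f"element <{local}> (namespace {ns or 'none'}) is not allowed"
        for name, value in el.attrib.items():
            _, aname = _split(name)
            lname = aname.lower()
            if lname.startswith("on"):
                return False, f"event handler {aname} on <{local}>"
            if lname in REFERENCE_ATTRS and not value.strip().startswith("#"):
                return False, f"non-fragment reference {aname}={value!r} on <{local}>"
            if lname == "style" and "url(" in value.lower():
                return False, f"url() inside style on <{local}>"
    return True, "ok"


# Constructed test documents.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
          b'<defs><linearGradient id="g"><stop offset="0"/></linearGradient></defs>'
          b'<rect width="10" height="10" fill="url(#g)"/><use href="#g"/></svg>')
SCRIPT_TAG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
IFRAME_SRC = (b'<svg xmlns="http://www.w3.org/2000/svg"><foreignObject width="100" height="100">'
              b'<iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(document.domain)">'
              b'</iframe></foreignObject></svg>')
JS_HREF = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
           b'<a xlink:href="javascript:alert(1)"><text>x</text></a></svg>')


def verdicts(svg: bytes) -> Tuple[bool, bool]:
    """(denylist accepts?, allowlist accepts?) for one document."""
    return blocklist_inspect(svg), allowlist_inspect(svg)[0]


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("script", SCRIPT_TAG),
                       ("iframe src", IFRAME_SRC), ("js href", JS_HREF)):
        print(f"{label:10s} denylist={verdicts(doc)[0]!s:5s} allowlist={verdicts(doc)[1]}")
```

The `iframe src` row is the point: the denylist accepts it and the allowlist does not. Inspection like this reduces what an uploaded SVG can do when rendered inline, but the robust mitigation is to serve user-supplied SVG from a separate origin (or as a download) so that any script it does carry cannot run in the application's origin.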
CVE-2023-46252 | P4 | MEDIUM | CVSS 6.1 | v7.8.2 | 2023-11-07
CWE-79 (cross-site scripting). Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and
Source: nvd
CVE-2023-0643 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.4.0 | 2023-02-02
CWE-167 (improper handling of additional special element). Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
Source: nvd
CVE-2023-3580 | P4 | MEDIUM | CVSS 4.3 | fixed in 7.4.0 | 2023-07-10
CWE-167 (improper handling of additional special element). Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
Source: nvd