exploitDog

CVE-2023-24278

Опубликовано: 18 мар. 2023

Источник: nvd

CVSS3: 6.1

EPSS Средний

Описание

Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.

Ссылки

https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/16/1
Mailing List
Third Party Advisory
https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/16/1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:*

Версия до 7.4.0 (исключая)

EPSS

Процентиль: 98%

0.6073

Средний

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-xf98-7xfh-rcv5

CVSS3: 6.1

github

почти 3 года назад

Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.

EPSS

Процентиль: 98%

0.6073

Средний

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79