VYPR
Unrated severityNVD Advisory· Published Dec 7, 2023· Updated Aug 2, 2024

CVE-2023-46857

CVE-2023-46857

Description

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Squidex/Squidexcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <7.9.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.