CVE-2023-46857

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

S

quidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/11/08/4	Mailing List
https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/	Exploit
https://support.squidex.io/c/news/9	Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/11/08/4	Mailing List
https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/	Exploit
https://support.squidex.io/c/news/9	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:29

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2023/11/08/4 - Mailing List~~	() http://www.openwall.com/lists/oss-security/2023/11/08/4 - Mailing List
References	~~() https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/ - Exploit~~	() https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/ - Exploit
References	~~() https://support.squidex.io/c/news/9 - Vendor Advisory~~	() https://support.squidex.io/c/news/9 - Vendor Advisory

Information

Published : 2023-12-07 06:15

Updated : 2024-11-21 08:29

NVD link : CVE-2023-46857

Mitre link : CVE-2023-46857

CVE.ORG link : CVE-2023-46857

JSON object : View

Products Affected

squidex

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-46857", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-12-07T06:15:54.740", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/11/08/4", "tags": ["Mailing List"], "source": "[email protected]"}, {"url": "https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://support.squidex.io/c/news/9", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/08/4", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.squidex.io/c/news/9", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation."}, {"lang": "es", "value": "Squidex anterior a 7.9.0 permite XSS a trav\u00e9s de un documento SVG en la funci\u00f3n Cargar activos. Esto ocurre porque hay una lista negra incompleta en la inspecci\u00f3n SVG, lo que permite JavaScript en el atributo SRC de un elemento IFRAME. Se requiere un ataque autenticado con permiso assets.create para la explotaci\u00f3n."}], "lastModified": "2024-11-21T08:29:26.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90B9B378-EEF4-47AD-8833-B2E33F566A76", "versionEndExcluding": "7.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}