CVE-2023-46857 - Vulnerability Details - OpenCVE

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Squidex.io	Squidex

Configuration 1 [-]

cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/11/08/4
https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/
https://support.squidex.io/c/news/9

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-07T00:00:00

Updated: 2024-08-02T20:53:21.945Z

Reserved: 2023-10-28T00:00:00

Link: CVE-2023-46857

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-07T06:15:54.740

Modified: 2024-11-21T08:29:26.160

Link: CVE-2023-46857

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:*", "matchCriteriaId": "90B9B378-EEF4-47AD-8833-B2E33F566A76", "versionEndExcluding": "7.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation."}, {"lang": "es", "value": "Squidex anterior a 7.9.0 permite XSS a trav\u00e9s de un documento SVG en la funci\u00f3n Cargar activos. Esto ocurre porque hay una lista negra incompleta en la inspecci\u00f3n SVG, lo que permite JavaScript en el atributo SRC de un elemento IFRAME. Se requiere un ataque autenticado con permiso assets.create para la explotaci\u00f3n."}], "id": "CVE-2023-46857", "lastModified": "2024-11-21T08:29:26.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-07T06:15:54.740", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/11/08/4"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.squidex.io/c/news/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/11/08/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.squidex.io/c/news/9"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}