Security Advisory

CVE-2023-46857

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-07 00:00:00

Last updated 2024-08-02 20:53:21

Assigner mitre

State PUBLISHED

Description

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation.

← Browse all CVEs View on cve.org ↗