Squidex.Io ≫ Squidex

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook conf...

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with ...

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squide...

Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different ...

Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS at...

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.

Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.