.. / CVE-2023-24278

Exploit for Squidex <7.4.0 - Cross-Site Scripting (CVE-2023-24278)

Description:

Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

Nuclei Template

View the template here CVE-2023-24278.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-24278.yaml
Copy

References:

https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/
https://www.openwall.com/lists/oss-security/2023/03/16/1
https://nvd.nist.gov/vuln/detail/CVE-2023-24278
https://github.com/karimhabush/cyberowl