Skip to main content

Squidex CVE-2023-3580

MEDIUM
Improper Handling of Additional Special Element (CWE-167)
2023-07-10 security@huntr.dev
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 10, 2023 - 16:15 nvd
MEDIUM 4.3

DescriptionNVD

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

AnalysisAI

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-167. Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. Affected products include: Squidex.Io Squidex. Version information: prior to 7.4.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-24736 CRITICAL POC
9.1 Jan 27

Server-Side Request Forgery (SSRF) vulnerability in Squidex CMS webhook configuration allows authenticated administrator

CVE-2023-46253 HIGH POC
7.2 Nov 07

Squidex is an open source headless CMS and content management hub. Rated high severity (CVSS 7.2), this vulnerability is

CVE-2023-0642 MEDIUM POC
6.5 Feb 02

Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. Rated medium severity (CVSS 6.5),

CVE-2023-46252 MEDIUM POC
6.1 Nov 07

Squidex is an open source headless CMS and content management hub. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2023-24278 MEDIUM POC
6.1 Mar 18

Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. Rated medium severi

CVE-2023-0643 MEDIUM POC
6.1 Feb 02

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. Rated medium severi

CVE-2023-46857 MEDIUM POC
5.4 Dec 07

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. Rated medium severity (CVSS 5.4), this

CVE-2023-46744 MEDIUM POC
5.4 Nov 07

Squidex is an open source headless CMS and content management hub. Rated medium severity (CVSS 5.4), this vulnerability

CVE-2026-41172 HIGH
7.3 Apr 22

Server-Side Request Forgery in Squidex versions prior to 7.23.0 allows authenticated users with asset upload permissions

CVE-2026-41171 HIGH
7.3 Apr 22

Server-Side Request Forgery (SSRF) in Squidex versions before 7.23.0 allows authenticated users with schema editing perm

CVE-2026-41170 HIGH
7.2 Apr 22

Server-Side Request Forgery in Squidex's backup restoration endpoint allows authenticated administrators to probe intern

CVE-2026-41177 MEDIUM
5.5 Apr 22

Blind Server-Side Request Forgery (SSRF) in Squidex prior to version 7.23.0 allows authenticated administrators to force

Share

CVE-2023-3580 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy