CVE-2023-46252

{"id": "CVE-2023-46252", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.1}]}, "published": "2023-11-07T19:15:11.573", "references": [{"url": "https://github.com/Squidex/squidex/security/advisories/GHSA-7q4f-fprr-5jw8", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and SquidexFormField. The registered event listener takes some action based on the type of the received message. For example, when the SquidexFormField receives a message with the type valueChanged, the value property is updated. The SquidexFormField class is for example used in the editor-editorjs.html file, which can be accessed via the public wwwroot folder. It uses the onValueChanged method to register a callback function, which passes the value provided from the message event to the editor.render. Passing an attacker-controlled value to this function introduces a Cross-Site Scripting (XSS) vulnerability."}, {"lang": "es", "value": "Squidex es un centro de gesti\u00f3n de contenidos y CMS headless de c\u00f3digo abierto. A las versiones afectadas les falta la verificaci\u00f3n de origen en un controlador postMessage, lo que introduce una vulnerabilidad de Cross-Site Scripting (XSS). El archivo editor-sdk.js define tres funciones similares a clases diferentes, que emplean un detector de eventos de mensajes global: SquidexSidebar, SquidexWidget y SquidexFormField. El detector de eventos registrado realiza alguna acci\u00f3n seg\u00fan el tipo de mensaje recibido. Por ejemplo, cuando SquidexFormField recibe un mensaje con el tipo valueChanged, la propiedad del valor se actualiza. La clase SquidexFormField se utiliza, por ejemplo, en el archivo editor-editorjs.html, al que se puede acceder a trav\u00e9s de la carpeta p\u00fablica wwwroot. Utiliza el m\u00e9todo onValueChanged para registrar una funci\u00f3n de devoluci\u00f3n de llamada, que pasa el valor proporcionado por el evento del mensaje al editor.render. Pasar un valor controlado por un atacante a esta funci\u00f3n introduce una vulnerabilidad de Cross-Site Scripting (XSS)."}], "lastModified": "2023-11-15T15:52:36.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squidex.io:squidex:7.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "583031EC-994B-4E77-992B-9B2367142172"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}