February 03, 2023

CVE-2023-0642 - Cross-Site Request Forgery (CSRF) in Squidex CMS

1. Vulnerability Properties

Title: Cross-Site Request Forgery (CSRF) in Squidex CMS
CVE ID: CVE-2023-0642
CVSSv3 Base Score: 6.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Products: Squidex
Advisory Release Date: 3 February 2023
Advisory URL: https://labs.integrity.pt/advisories/cve-2023-0642
Credits: Discovery by Gil Pratas

2. Vulnerability Summary

Squidex is vulnerable to a CSRF attack that can be used to change a user’s email, thus blocking its access to the application.

3. Vulnerable Versions

< 7.4.0

4. Solution

Vendor marked fixed in version 7.4.0

5. Vulnerability Timeline

26/Jan/23 - Vulnerability reported to vendor
1/Feb/23 - Vulnerability verified and fixed by vendor
3/Feb/23 - Advisory Released

6. References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0642

CVE-2022-37721 - Stored Cross-Site Scripting in PyroCMS

CVE-2022-46496 - Missing TLS Certificate Validation in DoorEntry HOMETOUCH for iOS

Latest Advisories

Latest Articles

© 2024 INTEGRITY S.A. All rights reserved. | Cookie Policy

Cookie Consent X

Integrity S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.