Title: Cross-Site Request Forgery (CSRF) in Squidex CMS
CVE ID: CVE-2023-0642
CVSSv3 Base Score: 6.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Advisory Release Date: 3 February 2023
Advisory URL: https://labs.integrity.pt/advisories/cve-2023-0642
Credits: Discovery by Gil Pratas
Squidex is vulnerable to a CSRF attack that can be used to change a user’s email, thus blocking its access to the application.