Vulnerability Details CVE-2022-23065
Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a stored XSS vulnerability, where an attacker with catalog permission can upload an SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.9%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2022-23065
- cpe:2.3:a:vendure:vendure:0.1.0
- cpe:2.3:a:vendure:vendure:0.1.2
- cpe:2.3:a:vendure:vendure:0.10.0
- cpe:2.3:a:vendure:vendure:0.10.1
- cpe:2.3:a:vendure:vendure:0.11.0
- cpe:2.3:a:vendure:vendure:0.11.1
- cpe:2.3:a:vendure:vendure:0.12.1
- cpe:2.3:a:vendure:vendure:0.12.2
- cpe:2.3:a:vendure:vendure:0.12.3
- cpe:2.3:a:vendure:vendure:0.12.4
- cpe:2.3:a:vendure:vendure:0.12.5
- cpe:2.3:a:vendure:vendure:0.13.0
- cpe:2.3:a:vendure:vendure:0.13.1
- cpe:2.3:a:vendure:vendure:0.14.0
- cpe:2.3:a:vendure:vendure:0.14.1
- cpe:2.3:a:vendure:vendure:0.15.0
- cpe:2.3:a:vendure:vendure:0.15.1
- cpe:2.3:a:vendure:vendure:0.15.2
- cpe:2.3:a:vendure:vendure:0.16.0
- cpe:2.3:a:vendure:vendure:0.16.1
- cpe:2.3:a:vendure:vendure:0.16.2
- cpe:2.3:a:vendure:vendure:0.16.3
- cpe:2.3:a:vendure:vendure:0.17.0
- cpe:2.3:a:vendure:vendure:0.17.1
- cpe:2.3:a:vendure:vendure:0.17.2
- cpe:2.3:a:vendure:vendure:0.17.3
- cpe:2.3:a:vendure:vendure:0.18.0
- cpe:2.3:a:vendure:vendure:0.18.1
- cpe:2.3:a:vendure:vendure:0.18.2
- cpe:2.3:a:vendure:vendure:0.18.3
- cpe:2.3:a:vendure:vendure:0.18.4
- cpe:2.3:a:vendure:vendure:0.18.5
- cpe:2.3:a:vendure:vendure:0.2.0
- cpe:2.3:a:vendure:vendure:0.2.1
- cpe:2.3:a:vendure:vendure:0.3.0
- cpe:2.3:a:vendure:vendure:0.3.1
- cpe:2.3:a:vendure:vendure:0.3.3
- cpe:2.3:a:vendure:vendure:0.3.4
- cpe:2.3:a:vendure:vendure:0.4.0
- cpe:2.3:a:vendure:vendure:0.5.0
- cpe:2.3:a:vendure:vendure:0.5.1
- cpe:2.3:a:vendure:vendure:0.6.0
- cpe:2.3:a:vendure:vendure:0.6.1
- cpe:2.3:a:vendure:vendure:0.6.2
- cpe:2.3:a:vendure:vendure:0.6.4
- cpe:2.3:a:vendure:vendure:0.6.5
- cpe:2.3:a:vendure:vendure:0.7.0
- cpe:2.3:a:vendure:vendure:0.8.0
- cpe:2.3:a:vendure:vendure:0.8.1
- cpe:2.3:a:vendure:vendure:0.8.2
- cpe:2.3:a:vendure:vendure:0.9.0
- cpe:2.3:a:vendure:vendure:1.0.0
- cpe:2.3:a:vendure:vendure:1.0.1
- cpe:2.3:a:vendure:vendure:1.0.2
- cpe:2.3:a:vendure:vendure:1.0.3
- cpe:2.3:a:vendure:vendure:1.1.0
- cpe:2.3:a:vendure:vendure:1.1.1
- cpe:2.3:a:vendure:vendure:1.1.2
- cpe:2.3:a:vendure:vendure:1.1.3
- cpe:2.3:a:vendure:vendure:1.1.4
- cpe:2.3:a:vendure:vendure:1.1.5
- cpe:2.3:a:vendure:vendure:1.2.0
- cpe:2.3:a:vendure:vendure:1.2.1
- cpe:2.3:a:vendure:vendure:1.2.2
- cpe:2.3:a:vendure:vendure:1.2.3
- cpe:2.3:a:vendure:vendure:1.3.0
- cpe:2.3:a:vendure:vendure:1.3.1
- cpe:2.3:a:vendure:vendure:1.3.2
- cpe:2.3:a:vendure:vendure:1.3.3
- cpe:2.3:a:vendure:vendure:1.3.4
- cpe:2.3:a:vendure:vendure:1.4.0
- cpe:2.3:a:vendure:vendure:1.4.1
- cpe:2.3:a:vendure:vendure:1.4.2
- cpe:2.3:a:vendure:vendure:1.4.3
- cpe:2.3:a:vendure:vendure:1.4.4
- cpe:2.3:a:vendure:vendure:1.4.5
- cpe:2.3:a:vendure:vendure:1.4.6
- cpe:2.3:a:vendure:vendure:1.4.7
- cpe:2.3:a:vendure:vendure:1.5.0
- cpe:2.3:a:vendure:vendure:1.5.1