CVE-2022-23065 in Vendure
Сводка
по MITRE • 02.05.2022
In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.