CVE-2022-23065 in VendureИнформация

Сводка

по MITRE • 02.05.2022

In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Ответственный

WhiteSource

Резервировать

10.01.2022

Раскрытие

02.05.2022

Модерация

принято

Вход

VDB-198796

EPSS

0.00588

KEV

Нет

Деятельности

Очень низкий

Источники

Do you need the next level of professionalism?

Upgrade your account now!