CVE-2022-23065
Published May 2, 2022
Last updated 3 years ago
Overview
- Description
- Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a stored XSS vulnerability, where an attacker with catalog permission can upload an SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users.
- Source
- vulnerabilitylab@mend.io
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- vulnerabilitylab@mend.io
- CWE-79