CVE-2022-23065

Published May 2, 2022

Last updated 3 months ago

CVSS medium 5.4

Overview

Description: In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users.
Source: vulnerabilitylab@mend.io
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

vulnerabilitylab@mend.io: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vendure:vendure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "942E486B-0E5B-482B-B5AD-5C21EB1AC73B",
            "versionEndIncluding": "1.5.1",
            "versionStartIncluding": "0.1.2"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61A62862-F19E-48C9-BB25-123EE8C8D6E5"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "763F7985-F48A-407E-9C96-96FA1F38E534"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D22953B9-DCCE-4254-ACE7-BD9183A59449"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DD08957-E008-4D44-997F-A2EEC3E5B66D"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80D154FB-87F9-4C11-A662-1726FFA53755"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E166C100-CC9B-4741-A5EA-74DD35E1B0FD"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BD1F5C5-F9B9-4246-90FF-05F2C909B41C"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA2053B5-64D2-46D3-9D92-F3C7F7C313FD"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "457A3442-17DC-456B-A1A8-40884B670F95"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AAF4576-29AA-4C10-9B03-CDE5AA4DE6F5"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "851C8FD6-F4C2-4221-8AB8-A650F25CA593"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3BC9BCD-FE96-4E3B-B042-640B89A7C0E0"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C6E25E2-3C99-44EF-8AA7-30531E184601"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ADC4F1C-DF60-4F16-97E2-3EA3D18E9ECD"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B41FDFE7-6B15-42A6-9617-5321D7C441CC"
          },
          {
            "criteria": "cpe:2.3:a:vendure:vendure:0.1.0:alpha9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9007357-5B4E-4707-AC46-EEC90948B747"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References