RSS   Vulnerabilities for 'Vendure'   RSS

2022-05-02
 
CVE-2022-23065

CWE-79
 

 
In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the �??Assets�?� tab. The uploaded file will affect administrators as well as regular users.

 


Copyright 2024, cxsecurity.com

 

Back to Top