PT-2023-33025 · Npm +1 · Cookie-Session +1

Name of the Vulnerable Software and Affected Versions: Vendure affected versions not specified Description: The issue concerns the default cookie settings in Vendure, an e-commerce GraphQL framework, which are insecure due to the SameSite setting being false by default. This setting originates fr...

Vendure 跨站脚本漏洞

Vendure is a headless GraphQL eCommerce framework based on Node.js and Nest ＆ TypeScript, focused on developer productivity and easy customization. version 0.1.0-alpha.2 to 1.5.1 of Vendure is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation...