2 matches found
CVE-2022-23065
creationtimestamp| type| source ---|---|--- 2022-05-02 16:27:52+00:00| seen| https://t.me/cibsecurity/41717...
CVE-2022-23065
CVE-2022-23065 affects Vendure versions 0.1.0-alpha.2 to 1.5.1, with a Stored XSS vulnerability that allows an attacker with catalog permission to upload an SVG containing JavaScript in the Assets tab. The uploaded file can affect administrators and regular users. The root cause is described as i...