VYPR
Medium severity 5.4 · NVD Advisory · Published May 2, 2022 · Updated Jun 17, 2026

CVE-2022-23065

Description

Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a Stored XSS vulnerability, where an attacker with catalog permission can upload an SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users.

Affected products

2
  • Range: >=0.1.0-alpha.2, <=1.5.1
  • vendure-ecommerce/vendurev5
    Range: 0.1.0-alpha.2
