{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T13:34:42.235","vulnerabilities":[{"cve":{"id":"CVE-2022-23065","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2022-05-02T13:15:08.247","lastModified":"2026-06-17T04:29:26.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a Stored XSS vulnerability, where an attacker having catalog permission can upload an SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users."},{"lang":"es","value":"En Vendure versiones 0.1.0-alpha.2 a 1.5.1, están afectadas por una vulnerabilidad de tipo XSS almacenado, donde un atacante que tenga permiso de catálogo puede subir un archivo SVG que contenga JavaScript malicioso en la pestaña \"Assets\". El archivo subido afectará tanto a administradores como a usuarios normales"}],"affected":[{"source":"vulnerabilitylab@mend.io","affectedData":[{"vendor":"vendure-ecommerce","product":"vendure","versions":[{"version":"0.1.0-alpha.2","lessThan":"unspecified","versionType":"custom","status":"affected"},{"version":"unspecified","lessThanOrEqual":"1.5.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authenticat
ion":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:*:*:*:*:*:*:*:*","versionStartIncluding":"0.1.2","versionEndIncluding":"1.5.1","matchCriteriaId":"942E486B-0E5B-482B-B5AD-5C21EB1AC73B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha10:*:*:*:*:*:*","matchCriteriaId":"61A62862-F19E-48C9-BB25-123EE8C8D6E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha11:*:*:*:*:*:*","matchCriteriaId":"763F7985-F48A-407E-9C96-96FA1F38E534"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha12:*:*:*:*:*:*","matchCriteriaId":"D22953B9-DCCE-4254-ACE7-BD9183A59449"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha13:*:*:*:*:*:*","matchCriteriaId":"4DD08957-E008-4D44-997F-A2EEC3E5B66D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha14:*:*:*:*:*:*","matchCriteriaId":"80D154FB-87F9-4C11-A662-1726FFA53755"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha15:*:*:*:*:*:*","matchCriteriaId":"E166C100-CC9B-4741-A5EA-74DD35E1B0FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha16:*:*:*:*:*:*","matchCriteriaId":"5BD1F5C5-F9B9-4246-90FF-05F2C909B41C"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha18:*:*:*:*:*:*","matchCriteriaId":"BA2053B5-64D2-46D3-9D92-F3C7F7C313FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"457A3442-17DC-456B-A1A8-40884B670F95"},{"vulnerable":true,"criteria":"cp
e:2.3:a:vendure:vendure:0.1.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"1AAF4576-29AA-4C10-9B03-CDE5AA4DE6F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha4:*:*:*:*:*:*","matchCriteriaId":"851C8FD6-F4C2-4221-8AB8-A650F25CA593"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha5:*:*:*:*:*:*","matchCriteriaId":"D3BC9BCD-FE96-4E3B-B042-640B89A7C0E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha6:*:*:*:*:*:*","matchCriteriaId":"2C6E25E2-3C99-44EF-8AA7-30531E184601"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha7:*:*:*:*:*:*","matchCriteriaId":"0ADC4F1C-DF60-4F16-97E2-3EA3D18E9ECD"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha8:*:*:*:*:*:*","matchCriteriaId":"B41FDFE7-6B15-42A6-9617-5321D7C441CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:vendure:vendure:0.1.0:alpha9:*:*:*:*:*:*","matchCriteriaId":"B9007357-5B4E-4707-AC46-EEC90948B747"}]}]}],"references":[{"url":"https://github.com/vendure-ecommerce/vendure/commit/69a44869112c0a5b836e2ddd3969ea9b533f51f0","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23065","source":"vulnerabilitylab@mend.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/vendure-ecommerce/vendure/commit/69a44869112c0a5b836e2ddd3969ea9b533f51f0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23065","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}