{"vulnerability": "CVE-2022-23065", "sightings": [{"uuid": "93ea8c34-9ef0-4210-a0ca-32cbf38afb57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23065", "type": "seen", "source": "https://t.me/cibsecurity/41717", "content": "\u203c CVE-2022-23065 \u203c\n\nIn Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the \u201cAssets\u201d tab. The uploaded file will affect administrators as well as regular users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-02T16:27:52.000000Z"}]}