Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://stark0de.com/2020/05/17/openedx-vulnerabilities.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-18T18:24:25
Updated: 2024-08-04T12:11:19.043Z
Reserved: 2020-05-18T00:00:00
Link: CVE-2020-13145
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-05-18T19:15:11.543
Modified: 2020-05-20T18:30:58.367
Link: CVE-2020-13145
Redhat
No data.