Unrated severityNVD Advisory· Published May 18, 2020· Updated Aug 4, 2024
CVE-2020-13145
CVE-2020-13145
Description
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
Affected products
2- Open edX/Studiodescription
Patches
Vulnerability mechanics
References
1- stark0de.com/2020/05/17/openedx-vulnerabilities.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.