VYPR
Unrated severityNVD Advisory· Published May 18, 2020· Updated Aug 4, 2024

CVE-2020-13145

CVE-2020-13145

Description

Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.