Stored XSS Via Maps Text Box Hyperlink Vulnerability 

(CVE-2021-35239)

Download PDF

Summary

A security researcher found a user with Orion map manage rights could store XSS through the text box hyperlink.

Affected Products

  • Orion Platform 2020.2.5 and earlier

Fixed Software Release

Acknowledgments

  • Kajetan Rostojek

Advisory Details

Severity

7.5 High

Advisory ID

CVE-2021-35239

First Published

07/20/2021

Last Updated

08/24/2021

Fixed Version

Orion Platform 2020.2.6 HF1

Workarounds

Workaround 1

CVSS Score

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C /C:H/I:N/A:N