Stored XSS Via Maps Text Box Hyperlink Vulnerability
(CVE-2021-35239)
Summary
A security researcher found a user with Orion map manage rights could store XSS through the text box hyperlink.
Affected Products
- Orion Platform 2020.2.5 and earlier
Fixed Software Release
Acknowledgments
- Kajetan Rostojek
Advisory Details
Severity
7.5 High
Advisory ID
First Published
07/20/2021
Last Updated
08/24/2021
Fixed Version
Orion Platform 2020.2.6 HF1