Stored XSS Via Help Server Setting Vulnerability
(CVE-2021-35240)
Summary
A security researcher found a stored XSS via a Help Server setting. This affects customers using Internet Explorer because they do not support 'rel=noopener'
Affected Products
- Orion Platform 2020.2.5 and earlier
Fixed Software Release
Acknowledgments
- Kajetan Rostojek
Advisory Details
Severity
6.5 High
Advisory ID
First Published
07/20/2021
Last Updated
08/24/2021
Fixed Version
Orion Platform 2020.2.6 HF1