Resource.aspx Reflected Cross-Site Scripting Vulnerability
(CVE-2021-35222)
Security Advisory Summary
Resource.aspx Reflected Cross-Site Scripting Vulnerability. This vulnerability allows attackers to impersonate users and perform arbitrary actions on their behalf.
Affected Products
- Orion Platform 2020.2.5 and earlier
Fixed Software Release
Acknowledgments
- Alex Birnberg of Zymo Security and FireEye
Advisory Details
Severity
8.0 High
Advisory ID
First Published
07/15/2021
Last Updated
08/24/2021
Fixed Version
Orion Platform 2020.2.6 HF1