Stored XSS Through URL POST Parameter In CreateExternalWebsite Vulnerability
(CVE-2021-35238)
Security Advisory Summary
A security researcher found a user with Orion admin rights could store XSS through URL POST parameter in CreateExternalWebsite website.
Affected Products
- Orion Platform 2020.2.5 and earlier
Fixed Software Release
Acknowledgments
- Kajetan Rostojek
Advisory Details
Severity
7.1 High
Advisory ID
First Published
07/20/2021
Last Updated
08/24/2021
Version
Orion Platform 2020.2.6 HF1