Stored XSS Through URL POST Parameter In CreateExternalWebsite Vulnerability 

(CVE-2021-35238)

Security Advisory Summary

A security researcher found a user with Orion admin rights could store XSS through URL POST parameter in CreateExternalWebsite website.

Affected Products

  • Orion Platform 2020.2.5 and earlier

Fixed Software Release

Acknowledgments

  • Kajetan Rostojek

Advisory Details

Severity

7.1 High

Advisory ID

First Published

07/20/2021

Last Updated

08/24/2021

Version

Orion Platform 2020.2.6 HF1