Stored XSS Vulnerability in Open edX Ironwood 2.5 via SVG File Uploads
CVE-2020-13145 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
Learn more about our User Device Pen Test.