Stored XSS Vulnerability in Open edX Ironwood 2.5 via SVG File Uploads

Stored XSS Vulnerability in Open edX Ironwood 2.5 via SVG File Uploads

CVE-2020-13145 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.

Learn more about our User Device Pen Test.