2 matches found
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "ContentFile Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS...
CVE-2020-13145
CVE-2020-13145 affects Open edX Studio (Ironwood 2.5). The vulnerability arises from allowing SVG file uploads via the Content > File Uploads screen, where uploaded SVGs can contain JavaScript and trigger Stored XSS. Multiple connected sources corroborate the same description, noting lack of p...