SVG Image Reflected Cross-site Scripting (XSS) vulnerability

Moderate
vladbailescu published GHSA-qcgc-6q86-7x2p Aug 5, 2022

Package

maven core.wcm.components.core (Maven)

Affected versions

< 2.20.8

Patched versions

2.20.8

Description

Impact

Core Components version 2.20.6 (and earlier) suffer from a Reflected Cross-site Scripting (XSS) vulnerability in AdaptiveImageServlet via SVG images. An attacker with author access can upload a specially crafted SVG image (including malicious JavaScript) and obtain a link that, when loaded by other authenticated users, will execute the malicious script and gain access to those users' sessions.
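As an added illustration, not code from the Core Components project or its 2.20.8 fix, the check below shows the kind of inspection a servlet that serves uploaded SVG assets can apply before rendering them inline: it parses the SVG with a hardened XML parser and flags script elements, foreignObject, event-handler attributes and javascript: hrefs. The class and method names (SvgActiveContentCheck, containsActiveContent) are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

public final class SvgActiveContentCheck {

    /** True if the SVG contains anything that could run script when rendered inline. */
    public static boolean containsActiveContent(byte[] svg)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // so xlink:href and href share the local name "href"
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        return hasActiveContent(b.parse(new ByteArrayInputStream(svg)).getDocumentElement());
    }

    private static boolean hasActiveContent(Element e) {
        String name = e.getLocalName();
        // Elements that execute or embed script: <script>, and <foreignObject> (HTML inside SVG)
        if ("script".equalsIgnoreCase(name) || "foreignObject".equalsIgnoreCase(name)) return true;
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Node a = attrs.item(i);
            String an = a.getLocalName() == null ? a.getNodeName() : a.getLocalName();
            String v = a.getNodeValue().trim().toLowerCase();
            // Event-handler attributes (onload, onclick, ...) and javascript: URIs in href/xlink:href
            if (an.toLowerCase().startsWith("on")) return true;
            if ("href".equals(an) && v.startsWith("javascript:")) return true;
        }
        NodeList kids = e.getChildNodes();
        for (int i = 0; i < kids.getLength(); i++) {
            Node n = kids.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE && hasActiveContent((Element) n)) return true;
        }
        return false;
    }
}
```

A caller that gets true should reject the upload or serve the asset with Content-Disposition: attachment and a Content-Security-Policy that blocks script, rather than rendering it inline. This is a starting point rather than a complete SVG sanitizer; animation elements that set attributes and CSS imports inside style elements also need handling in a full implementation.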

Patches

The issue has been resolved in 2.20.8.

Workarounds

None

References

N/A

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2022-35697

Weaknesses