resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
References
Link | Resource |
---|---|
https://github.com/openark/orchestrator/pull/1313 | Patch Third Party Advisory |
https://github.com/openark/orchestrator/releases/tag/v3.2.4 | Release Notes Third Party Advisory |
https://www.youtube.com/watch?v=DOYm0DIS3Us | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-03T22:00:05
Updated: 2021-03-04T20:16:00
Reserved: 2021-03-03T00:00:00
Link: CVE-2021-27940
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-03T22:15:12.503
Modified: 2021-03-10T13:42:35.963
Link: CVE-2021-27940
JSON object: View
Redhat Information
No data.
CWE