Persistent XSS Vulnerability in Sitecore 9.0 rev 171002 Media Library and File Manager

CVE-2019-13493 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.

Learn more about our User Device Pen Test.