CVE-2019-13493

Name of the Vulnerable Software and Affected Versions Sitecore version 9.0 rev 171002

Description The issue exists in the Media Library and File Manager of the affected software, where an authenticated unprivileged user can inject arbitrary JavaScript by modifying the uploaded file extension parameter, resulting in a Persistent XSS condition.

Recommendations For Sitecore version 9.0 rev 171002, consider restricting access to the Media Library and File Manager to minimize the risk of exploitation until a patch is available. Avoid using the file extension parameter in the affected modules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.