Openark · Openark Orchestrator · CVE-2021-27940
Name of the Vulnerable Software and Affected Versions:
openark orchestrator versions prior to 3.2.4
Description:
The issue allows cross-site scripting (XSS) via the `orchestrator-msg` parameter in the `resources/public/js/orchestrator.js` file.
Recommendations:
For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `orchestrator-msg` parameter to minimize the risk of exploitation.
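One way to apply the temporary workaround is to screen request URLs at a reverse proxy, or during log review, and accept `orchestrator-msg` only when it carries plain text. This is an added example, not orchestrator's own code. It assumes the parameter arrives in the query string; the allow-list policy, the function names `fullyDecode` and `screenRequest`, and the sample URLs are all constructed for illustration.

```javascript
// Added example: allow-list screening of the orchestrator-msg parameter.
// Policy, names and sample URLs are assumptions, not taken from orchestrator.
const PARAM = "orchestrator-msg";
const MAX_DECODE_ROUNDS = 3;
// Letters, digits, spaces and basic punctuation only; no markup metacharacters.
const SAFE_VALUE = /^[\p{L}\p{N} .,:;_\-()\/]{0,200}$/u;

// Percent-decode until stable so nested encoding is judged on its final form.
function fullyDecode(value) {
  let current = value;
  for (let i = 0; i < MAX_DECODE_ROUNDS; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      return null; // malformed escape sequence
    }
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after the round limit
}

// Returns { allowed, reason } for one request URL or path.
function screenRequest(requestUrl) {
  let url;
  try {
    url = new URL(requestUrl, "http://placeholder.invalid");
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  const values = url.searchParams.getAll(PARAM);
  if (values.length === 0) return { allowed: true, reason: "parameter absent" };
  if (values.length > 1) return { allowed: false, reason: "parameter repeated" };
  const decoded = fullyDecode(values[0]);
  if (decoded === null) return { allowed: false, reason: "bad or nested encoding" };
  if (!SAFE_VALUE.test(decoded)) return { allowed: false, reason: "disallowed characters" };
  return { allowed: true, reason: "plain text" };
}

// Constructed sample paths, not real orchestrator routes.
const SAMPLES = [
  "/example?orchestrator-msg=Topology+refreshed",
  "/example?orchestrator-msg=%3Cb%3Ehi%3C%2Fb%3E",
  "/example?orchestrator-msg=%253Cb%253E",
];
for (const s of SAMPLES) console.log(s, JSON.stringify(screenRequest(s)));
```

The screen is a stopgap in front of unpatched instances; upgrading to 3.2.4 or later remains the fix.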