CVE-2019-20513

Name of the Vulnerable Software and Affected Versions Open edX Ironwood.1

Description The issue allows for reflected XSS, specifically through the support/certificates?user= endpoint. This can potentially lead to malicious script execution.

Recommendations For Open edX Ironwood.1, as a temporary workaround, consider restricting access to the support/certificates endpoint until a patch is available. Avoid using the user parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.