Title: Stored cross-site scripting in OpenAsset Digital Asset Management by OpenAsset
Discovery: Jack Misiura on behalf of The Missing Link Security
Successful exploitation of this issue may allow an attacker to perform unauthorised actions in a user’s security context, when the said user visits the affected pages.
Discovered in: 12.0.19 (Cloud) 11.2.1 (On-Premise)
Fixed in: 12.0.23 (Cloud) 11.4.10 (On-Premise)
OpenAsset would like to thank Jack Misiura for reporting this vulnerability.