GitHub Advisory Database: GHSA-5GG9-GWJ4-MQMJ
History: Oct 04, 2022 - 12:00 a.m.

OrchardCore vulnerable to HTML injection

2022-10-04 00:00:20
CWE-79
GitHub Advisory Database
github.com
orchardcore
html injection
vulnerability
versions
patch
admin users

EPSS

0.001

Percentile

21.4%

OrchardCore versions starting with 1.0.0-rc1-11259 and prior to 1.4.0 are vulnerable to HTML injection. The vulnerability allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. Version 1.4.0 contains a patch.

Affected configurations

Vulners
Node: orchardcore orchardcore
Range: 1.0.0-rc1-11259 to 1.4.0

Vendor | Product | Version | CPE
orchardcore | orchardcore | * | cpe:2.3:a:orchardcore:orchardcore:*:*:*:*:*:*:*:*
