7703 matches found

Cvelist
added 2026/01/30 4:16 p.m., 26 views

CVE-2020-37019 Orchard Core RC1 - Persistent Cross-Site Scripting

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

CVSS: 6.4, EPSS: 0.00398
Exploits: 0, References: 5

Vulnrichment
added 2026/01/30 4:16 p.m., 1 views

CVE-2020-37019 Orchard Core RC1 - Persistent Cross-Site Scripting

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

CVSS: 6.4, AI score: 6.1, EPSS: 0.00398
Exploits: 0, References: 5

ATTACKERKB
added 2026/01/30 4:16 p.m., 3 views

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

CVSS: 6.4, AI score: 6.1, EPSS: 0.00398
Exploits: 0, References: 5, Affected Software: 1

EUVD
added 2026/01/30 4:16 p.m., 4 views

EUVD-2020-30959

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

CVSS: 6.4, AI score: 6.1, EPSS: 0.00398
Exploits: 0, References: 5

CVE
added 2026/01/30 4:16 p.m., 7 views

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting (XSS) vulnerability that lets an attacker inject malicious JavaScript via blog posts. The flaw is triggered when embedded JavaScript is placed in the MarkdownBodyPart.Source parameter during blog-post creation, allowing code execution in...

CVSS: 6.4, AI score: 6.1, EPSS: 0.00398
Exploits: 0, References: 5

Positive Technologies
added 2026/01/30 12:0 a.m., 4 views

PT-2026-5416

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

CVSS: 6.4, AI score: 6.1, EPSS: 0.00398
Exploits: 0, References: 6

CNNVD
added 2026/01/30 12:0 a.m., 3 views

Orchard Core cross-site scripting vulnerabilities

Orchard Core is an open-source, modular, multi-tenant application framework built on ASP.NET Core by the US-based Orchard Core company. It also includes a content management system (CMS) built on top of this framework. The Orchard Core RC1 version contained a cross-site scripting...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00398
Exploits: 0, References: 5

CNNVD
added 2026/01/29 12:0 a.m., 3 views

Tale Blog Security Vulnerabilities

Tale Blog is a Java blog developed using the Tale Blog System, which is open-source. Version 2.0.5 of Tale Blog has a security vulnerability that can be exploited by cross-site scripting attacks...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00218
Exploits: 1, References: 2

HackRead
added 2026/01/28 11:8 a.m., 5 views

Best IT Managed Services for Large Enterprises

Learn what defines top-tier enterprise managed IT services, why they matter, and how Mindcore Technologies meets large-scale business demands...

AI score: 5.9
Exploits: 0

Akamai Blog
added 2026/01/27 2:0 p.m., 5 views

Enhancements to Akamai API Security, Q4 2025

The Q4 2025 Akamai API Security updates help organizations shift security left, improve coverage, and reduce friction...

AI score: 5.9
Exploits: 0

Wired Threat Level
added 2026/01/24 10:14 p.m., 5 views

ICE Asks Companies About ‘Ad Tech and Big Data’ Tools It Could Use in Investigations

A new federal filing from ICE demonstrates how commercial tools are increasingly being considered by the government for law enforcement and surveillance...

AI score: 5.4
Exploits: 0

Schneier on Security
added 2026/01/23 10:3 p.m., 4 views

Friday Squid Blogging: Giant Squid in the Star Trek Universe

Spock befriends a giant space squid in the comic Star Trek: Strange New Worlds: The Seeds of Salvation 5. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

AI score: 5.5
Exploits: 0

GithubExploit
added 2026/01/22 8:43 p.m., 150 views

Exploit for CVE-2024-9932

CVE-2024-9932 / 0-Click RCE Exploit - Author: Joshua Provoste...

CVSS: 9.8, AI score: 6.1, EPSS: 0.37815
Exploits: 5

Akamai Blog
added 2026/01/21 6:0 p.m., 6 views

Valkey: The Future of Open Source In-Memory Data Stores

...

AI score: 5.4
Exploits: 0

Vulnrichment
added 2026/01/19 3:32 a.m., 4 views

CVE-2026-1136 lcg0124 BootDo ContentController save cross site scripting

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitatio...

CVSS: 5.1, AI score: 4.1, EPSS: 0.00239
Exploits: 0, References: 4

Cvelist
added 2026/01/19 3:32 a.m., 24 views

CVE-2026-1136 lcg0124 BootDo ContentController save cross site scripting

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitatio...

CVSS: 5.1, EPSS: 0.00239
Exploits: 0, References: 4

Positive Technologies
added 2026/01/19 12:0 a.m., 9 views

PT-2026-3423

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This manipulation of the argument content/author/title causes cross site scripting. Remote exploitatio...

CVSS: 5.1, AI score: 5.7, EPSS: 0.00239
Exploits: 0, References: 5

CNNVD
added 2026/01/19 12:0 a.m., 4 views

BootDo code injection vulnerability

BootDo is a backend management system framework developed by lcg0124. lcg0124 BootDo has a code injection vulnerability, which stems from incorrect handling of parameters in the file /blog/bContent/save, specifically those related to content/author/title. This vulnerability may lead to cross-site...

CVSS: 5.1, AI score: 5.7, EPSS: 0.00239
Exploits: 0, References: 4

Circl
added 2026/01/14 5:45 p.m., 2 views

GHSA-C944-CV5F-HPVR

creationtimestamp| type| source ---|---|--- 2026-01-14 17:45:09+00:00| seen| https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/...

AI score: 5.8
Exploits: 0, References: 1

HackRead
added 2026/01/14 1:1 p.m., 2 views

SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats

New monitoring capability delivers unprecedented visibility into vendor identity exposures, moving enterprises and government agencies from static risk scoring to protecting against actual identity threats...

AI score: 6.9
Exploits: 0