2 matches found
Cross-site Scripting (XSS)
Overview OrchardCore is an application framework for building modular, multi-tenant applications on ASP.NET Core. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the MarkdownBodyPart.Source parameter during blog post creation. An attacker can execute arbitrary...
CVE-2020-37019 Orchard Core RC1 - Persistent Cross-Site Scripting
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...