60 matches found
Cross-site Scripting (XSS)
Overview: OrchardCore is an application framework for building modular, multi-tenant applications on ASP.NET Core. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the MarkdownBodyPart.Source parameter during blog post creation. An attacker can execute arbitrary...
CVE-2022-0159
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
EUVD-2022-7025
Malicious code in bioql PyPI...
EUVD-2022-0684
Malicious code in bioql PyPI...
EUVD-2022-15870
Malicious code in bioql PyPI...
EUVD-2022-15436
Malicious code in bioql PyPI...
EUVD-2022-15869
Malicious code in bioql PyPI...
EUVD-2022-0490
Malicious code in bioql PyPI...
CVE-2022-0243
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2...
Cross-Site Scripting (XSS)
GitLab is vulnerable to Cross-Site Scripting (XSS). This vulnerability occurs due to a flaw in the way that OrchardCore handles the rendering of HTML templates. An attacker can exploit this vulnerability to inject malicious code into a project's HTML templates, which can then be executed by other...
Cross-site Scripting (XSS)
orchardcore is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject log entries into the database logs, containing a malicious referrer field...
OrchardCore Cross-Site Scripting Vulnerability
OrchardCore is an open source modular and multi-tenant application framework built using ASP.NET Core, and a content management system (CMS) built on top of the framework. OrchardCore 0.0.1 and later, prior to 1.4.0, is vulnerable to a cross-site scripting vulnerability that stems from...
GHSA-5GG9-GWJ4-MQMJ OrchardCore vulnerable to HTML injection
OrchardCore versions starting with 1.0.0-rc1-11259 and prior to 1.4.0 are vulnerable to HTML injection. The vulnerability allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. Version 1.4.0...
OrchardCore vulnerable to HTML injection
OrchardCore versions starting with 1.0.0-rc1-11259 and prior to 1.4.0 are vulnerable to HTML injection. The vulnerability allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. Version 1.4.0...
CVE-2022-32173
OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, which allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users...
Input validation
OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, which allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users...
CVE-2022-32173 OrchardCore - HTML Injection
OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, which allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users...
CVE-2022-32173
The CVE pertains to OrchardCore versions rc1-11259 through v1.2.2, where an authenticated user with an editor role can inject a persistent HTML modal into the dashboard, potentially affecting admin users due to insufficient input filtering/escaping. Root cause: lack of proper sanitization in edit...