17 matches found
CVE-2022-0821
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0...
EUVD-2022-15870
Malicious code in bioql PyPI...
OrchardCMS Cross-Site Scripting Vulnerability
OrchardCMS is an open source modular and multi-tenant application framework built using ASP.NET Core and the content management system (CMS) built on top of it. A cross-site scripting vulnerability exists in orchardcore OrchardCMS versions prior to 1.10.3, which can be exploited by attackers with l...
OrchardCMS Cross-Site Scripting Vulnerability
OrchardCMS is an open source modular and multi-tenant application framework built using ASP.NET Core and the content management system (CMS) built on top of it. A cross-site scripting vulnerability exists in orchardcore OrchardCMS versions prior to 1.10.3, which can be exploited by attackers with l...
CVE-2022-0822 Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore
Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0...
CVE-2022-0822
CVE-2022-0822 is a reflected XSS in Orchard Core (OrchardCMS) before version 1.3.0. The issue arises from input handling/encoding that allows injected scripts to be executed in the victim’s browser. Affected product: Orchard Core, a .NET-based CMS/framework. Reported across multiple feeds (NVD, R...
CVE-2022-0821
CVE-2022-0821 affects Orchard Core (orchardcore) prior to version 1.3.0. The issue is described as improper authorization in the GitHub repository orchardcms/orchardcore, enabling a low-privilege user to create roles (as shown by Huntr/Red Hat and CNVD records). This implies a privilege/authoriza...
CVE-2022-0821 Improper Authorization in orchardcms/orchardcore
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0...
CVE-2022-0821 Improper Authorization in orchardcms/orchardcore
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0...
CVE-2022-0820 Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0...
CVE-2022-0820 Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0...
CVE-2022-0820
CVE-2022-0820 affects Orchard Core (orchardcore) up to version 1.3.0, with a stored XSS vulnerability in the content management workflow. The issue stems from insufficient input validation/encoding, allowing attacker-supplied client-side scripts to execute in a victim’s browser when rendering con...
Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore
Description: Reflected XSS is found under Design > Shortcode > New Shortcode. Proof of Concept (POC) Video: https://drive.google.com/file/d/1yFfa7g8MMUvJrrKTpJXZEHhQLRSZ1Cii/view?usp=sharing Impact: Through this vulnerability, an attacker is capable of executing malicious scripts...
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Description: The Stored XSS vulnerability occurs because the menu editing function can insert a JavaScript scheme as the value of the menu's HREF. Proof of Concept: 1. Go to Content - Menu - Edit 2. Enter javascript:alertdocument.domain as the URL value using the Add or Edit menu function. 3...
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Description: The application does not escape special characters before output to FE, leading to stored XSS. Proof of Concept: 1. Go to Workflows > Create Workflow > Add Task/Event 2. Set a title with XSS payload, e.g: aa Impact: XSS can have huge implications for a web application and its users. User...
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Description: The application does not escape special characters before output to FE, leading to stored XSS. Proof of Concept: Example of a case: 1. Go to Content > Content Types (/Admin/ContentTypes/List) 2. Create or edit a type with XSS payload in the Display Name field, e.g: Social Meta Settings Tick on...
OrchardCMS Code Issue Vulnerability
OrchardCMS is an open source modular and multi-tenant application framework built using ASP.NET Core and the Content Management System (CMS) built on top of it. A code issue exists in OrchardCMS that originates in the "Orchard core CMS" application, versions 1.0.0-beta1-3383 through 1.0.0, which is...