EPSS Percentile: 21.4%
orchardcore is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser.
github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4
github.com/OrchardCMS/OrchardCore/pull/11034
huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803