Orchardcore

orchardcore

9 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-37720 1Orchardcore 1Orchard Cms Apr 25, 2025 Nov 25, 2022 N/A· v4 9.0 CRITICAL· v3 N/A· v2 Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admi...Show more Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser.Show less
CVE-2022-32173 1Orchardcore 1Orchardcore Nov 21, 2024 Oct 3, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users...Show more In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.Show less
CVE-2022-0822 1Orchardcore 1Orchardcore Nov 21, 2024 Mar 11, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVE-2022-0821 1Orchardcore 1Orchardcore Nov 21, 2024 Mar 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVE-2022-0820 1Orchardcore 1Orchardcore Nov 21, 2024 Mar 11, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVE-2022-0243 1Orchardcore 1Orchardcore Nov 21, 2024 Jan 19, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
CVE-2022-0274 1Orchardcore 1Orchardcore Nov 21, 2024 Jan 19, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
CVE-2022-0159 1Orchardcore 1Orchardcore Nov 21, 2024 Jan 12, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25966 1Orchardcore 1Orchard Core Nov 21, 2024 Oct 10, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user t...Show more In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.Show less