CVE-2020-37019

Orchard Core RC1 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Productos afectados

Orchardcore · Orchard Core

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/OrchardCMS/OrchardCore https://github.com/OrchardCMS/OrchardCore/issues/5802 https://www.exploit-db.com/exploits/48456 https://www.vulncheck.com/advisories/orchard-core-rc-persistent-cross-site-scripting http://www.orchardcore.net/