CVE-2020-37019

Orchard Core RC1 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Orchardcore · Orchard Core

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/OrchardCMS/OrchardCore https://github.com/OrchardCMS/OrchardCore/issues/5802 https://www.exploit-db.com/exploits/48456 https://www.vulncheck.com/advisories/orchard-core-rc-persistent-cross-site-scripting http://www.orchardcore.net/