Sign In
Advisories

Orchard Core RC1 - Persistent Cross-Site Scripting

Go Back
severity
medium
date
Affecting

  • Orchard Core 1.0

CWE
  • CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS
5.1
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Credit
SunCSR (Sun* Cyber Security Research)
Description
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.