Medium severity6.4NVD Advisory· Published Jan 30, 2026· Updated Apr 15, 2026

CVE-2020-37019

Description

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.

Affected products

OrchardCMS/Orchardcorereferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.orchardcore.netnvd
github.com/OrchardCMS/OrchardCore/issues/5802nvd
www.exploit-db.com/exploits/48456nvd
www.vulncheck.com/advisories/orchard-core-rc-persistent-cross-site-scriptingnvd

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000