NuGet package
orchardcore
pkg:nuget/orchardcore
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-32173 | — | >= 1.0.0-rc1-11259, < 1.4.0 | 1.4.0 | Oct 3, 2022 | In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. | ||
| CVE-2022-0159 | — | < 1.2.1 | 1.2.1 | Jan 12, 2022 | orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
- CVE-2022-32173Oct 3, 2022affected >= 1.0.0-rc1-11259, < 1.4.0fixed 1.4.0
In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.
- CVE-2022-0159Jan 12, 2022affected < 1.2.1fixed 1.2.1
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')