VYPR

Orchard Core CMS

by Orchardproject

CVEs (2)

  • CVE-2022-37720CriNov 25, 2022
    risk 0.59cvss 9.0epss 0.01

    Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the…

  • CVE-2021-25966HigOct 10, 2021
    risk 0.57cvss 8.8epss 0.01

    In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to…