Vulnerabilities > Orchardcore

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-37720 Cross-site Scripting vulnerability in Orchardcore Orchard CMS 1.10.3
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
orchardcore CWE-79
critical
9.0
2022-10-03 CVE-2022-32173 Unspecified vulnerability in Orchardcore
In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.
network
low complexity
orchardcore
5.4
2022-03-11 CVE-2022-0822 Cross-site Scripting vulnerability in Orchardcore
Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
network
low complexity
orchardcore CWE-79
5.4
2022-03-11 CVE-2022-0820 Cross-site Scripting vulnerability in Orchardcore
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.
network
low complexity
orchardcore CWE-79
6.1
2022-03-11 CVE-2022-0821 Unspecified vulnerability in Orchardcore
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
network
low complexity
orchardcore
6.5
2022-01-19 CVE-2022-0243 Cross-site Scripting vulnerability in Orchardcore
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
network
low complexity
orchardcore CWE-79
5.4
2022-01-19 CVE-2022-0274 Unspecified vulnerability in Orchardcore
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
network
low complexity
orchardcore
5.4
2022-01-12 CVE-2022-0159 Unspecified vulnerability in Orchardcore
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
orchardcore
5.4
2021-10-10 CVE-2021-25966 Insufficient Session Expiration vulnerability in Orchardcore Orchard Core 1.0.0
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change.
network
low complexity
orchardcore CWE-613
8.8