Description
In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.
No analysis available yet.
Remediation
Vendor Solution
Update version to v1.4.0 or later
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-7025 | In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. |
Github GHSA |
GHSA-5gg9-gwj4-mqmj | OrchardCore vulnerable to HTML injection |
References
History
Mon, 16 Sep 2024 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OrchardCore - HTML Injection | OrchardCore - HTML Injection |
Status: PUBLISHED
Assigner: Mend
Published:
Updated: 2024-09-16T19:15:42.733Z
Reserved: 2022-05-31T00:00:00.000Z
Link: CVE-2022-32173
No data.
Status : Modified
Published: 2022-10-03T13:15:09.737
Modified: 2026-06-17T04:46:48.760
Link: CVE-2022-32173
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA