Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OrchardCore - HTML Injection
Vulnerability Description
In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
OrchardCore 跨站脚本漏洞
Vulnerability Description
OrchardCore是一个使用 ASP.NET Core 构建的开源模块化和多租户应用程序框架,以及构建在该框架之上的内容管理系统 (CMS)。 OrchardCore rc1-11259版本至v1.2.2版本存在跨站脚本漏洞,该漏洞源于存在HTML注入的问题,允许具有编辑安全角色的经过身份验证的用户将持久的HTML模态对话框组件注入仪表板,这将影响管理员用户。
CVSS Information
N/A
Vulnerability Type
N/A