Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OrchardCMS 跨站脚本漏洞
Vulnerability Description
OrchardCMS是使用 ASP.NET Core 构建的开源模块化和多租户应用程序框架,以及构建在该框架之上的内容管理系统 (CMS)。 OrchardCMS 1.10.3之前版本存在安全漏洞,该漏洞源于作者或出版商等低权限用户可以在博客文章中注入精心设计的 html 和 javascript 有效负载,攻击者利用该漏洞可以导致管理员帐户被接管或权限提升。
CVSS Information
N/A
Vulnerability Type
N/A