Search criteria
15 vulnerabilities found for orchard by orchardproject
FKIE_CVE-2020-29593
Vulnerability from fkie_nvd - Published: 2021-04-14 15:15 - Updated: 2024-11-21 05:24
Severity ?
Summary
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | Exploit, Third Party Advisory |
| cve@mitre.org | https://github.com/OrchardCMS/Orchard/releases | Release Notes, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OrchardCMS/Orchard/releases | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| orchardproject | orchard | * (versions before 1.10) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2248E93-A00B-4EBF-884C-B71ED1293B29",
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Orchard versiones anteriores a 1.10.\u0026#xa0;El campo de lista Media Settings Allowed File Types permite a un atacante agregar una carga \u00fatil XSS que se ejecutar\u00e1 cuando los usuarios intenten cargar un tipo de archivo no permitido, causando que se muestre el error"
}
],
"id": "CVE-2020-29593",
"lastModified": "2024-11-21T05:24:16.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-14T15:15:13.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-29592
Vulnerability from fkie_nvd - Published: 2021-04-14 15:15 - Updated: 2024-11-21 05:24
Severity ?
Summary
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | Exploit, Third Party Advisory |
| cve@mitre.org | https://github.com/OrchardCMS/Orchard/releases | Release Notes, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OrchardCMS/Orchard/releases | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| orchardproject | orchard | * (versions before 1.10) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2248E93-A00B-4EBF-884C-B71ED1293B29",
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor\u0027s file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Orchard versiones anteriores a 1.10.\u0026#xa0;Un problema de control de acceso roto en los componentes de Orchard que usan la carga de archivos del editor HTML TinyMCE permite a un atacante cargar ejecutables peligrosos que omiten los tipos de archivos permitidos (independientemente de la lista de tipos de archivos permitidos en la configuraci\u00f3n de Multimedia)"
}
],
"id": "CVE-2020-29592",
"lastModified": "2024-11-21T05:24:16.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-14T15:15:13.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5520
Vulnerability from fkie_nvd - Published: 2015-07-14 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| orchardproject | orchard | 1.7.3 | |
| orchardproject | orchard | 1.8 | |
| orchardproject | orchard | 1.8.1 | |
| orchardproject | orchard | 1.8.2 | |
| orchardproject | orchard | 1.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7F5355-5526-4604-90CB-F1857928AB1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "667C3DDB-2D95-4F02-9895-1C796D85C5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E71A861-EA18-40C8-B7B1-8A6115BD57D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7144C561-3CC3-47B2-BCC1-5D0967454942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B2742E7C-826E-4203-9E5F-F366F1A64508",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comando en el m\u00f3dulo de usuarios de Orchard 1.7.3 hasta 1.8.2 y 1.9.x antes de 1.9.1, permite a un atacante inyectar arbitrariamente secuencias de comandos web o HTML a trav\u00e9s del nombre de usuario cuando se crea una nueva cuenta de usuario, lo cual no es correctamente manejado cuando se elimina una cuenta."
}
],
"id": "CVE-2015-5520",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-07-14T16:59:06.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/37533/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/37533/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3645
Vulnerability from fkie_nvd - Published: 2013-06-14 13:07 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| orchardproject | orchard | * (versions up to and including 1.6) | |
| orchardproject | orchard | 0.1 | |
| orchardproject | orchard | 0.5 | |
| orchardproject | orchard | 0.8 | |
| orchardproject | orchard | 0.9 | |
| orchardproject | orchard | 1.0 | |
| orchardproject | orchard | 1.1 | |
| orchardproject | orchard | 1.2 | |
| orchardproject | orchard | 1.3 | |
| orchardproject | orchard | 1.4 | |
| orchardproject | orchard | 1.5 | |
| orchardproject | orchard | 1.5.1 | |
| orchardproject | orchard | 1.41 | |
| orchardproject | orchard | 1.42 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "539E782C-A237-431A-8C40-CF4349DACD65",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCD2EE9-D3F1-48C7-B180-B180E939F00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "82610413-EBE7-4319-B63E-8E9B237DA790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD0A43E-2EA3-4A68-96BB-0A981F635D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F86C15D0-3FFA-4FAE-B4D6-B5180D061BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "822D03B1-1FC6-43BA-B031-EE622E8AAB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F6CC14-867D-4573-B0FB-7FD6D82F1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFA6EB5-13A9-4D08-9228-AC5856BC4624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4467A8-D305-41BE-BE2E-AD8C57C73E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF210DB9-188F-4FD9-A6F8-7E0259351F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5C8ABA-ABC7-4189-844D-A452896FCE28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86AFDD1A-F50C-4483-8D7D-7F27A9AD24A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "80B98296-A6AB-497B-818F-255D0923FD2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "2F93115C-7B9E-4F19-AF1F-C12201909FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el m\u00f3dulo Orchard.Comments en Orchard anterior a 1.6.1, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-3645",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-06-14T13:07:29.643",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-5252
Vulnerability from fkie_nvd - Published: 2013-01-12 04:33 - Updated: 2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| orchardproject | orchard | 1.0 | |
| orchardproject | orchard | 1.0.20 | |
| orchardproject | orchard | 1.1 | |
| orchardproject | orchard | 1.1.30 | |
| orchardproject | orchard | 1.2 | |
| orchardproject | orchard | 1.2.41 | |
| orchardproject | orchard | 1.3 | |
| orchardproject | orchard | 1.3.9 | |
| orchardproject | orchard | 1.3.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "822D03B1-1FC6-43BA-B031-EE622E8AAB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F549E56B-16A4-41E5-A6E4-59D954D8613C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F6CC14-867D-4573-B0FB-7FD6D82F1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1BFF61D4-3E3B-4EC1-9B47-85A06D800109",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFA6EB5-13A9-4D08-9228-AC5856BC4624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0B0316-055A-4DB1-AC20-30351C9FE980",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4467A8-D305-41BE-BE2E-AD8C57C73E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1D73D90C-0E3B-43C4-9EB8-36FF8C63D50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:orchardproject:orchard:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F24BBF1A-E611-432C-870F-5E5970620559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en Users/Account/LogOff en Orchard 1.0.x anterior a 1.0.21, 1.1.x anterior a 1.1.31, 1.2.x anterior a 1.2.42, y 1.3.x anterior a 1.3.10, permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro ReturnUrl."
}
],
"id": "CVE-2011-5252",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-12T04:33:48.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"source": "cve@mitre.org",
"url": "http://orchard.codeplex.com/discussions/283667"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47398"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/51260"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://orchard.codeplex.com/discussions/283667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/51260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-29593 (GCVE-0-2020-29593)
Vulnerability from cvelistv5 – Published: 2021-04-14 14:25 – Updated: 2024-08-04 16:55
VLAI?
Summary
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
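| URL | Tags |
|---|---|
| https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | x_refsource_MISC |
| https://github.com/OrchardCMS/Orchard/releases | x_refsource_MISC |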
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T14:25:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html",
"refsource": "MISC",
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"name": "https://github.com/OrchardCMS/Orchard/releases",
"refsource": "MISC",
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29593",
"datePublished": "2021-04-14T14:25:41",
"dateReserved": "2020-12-07T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29592 (GCVE-0-2020-29592)
Vulnerability from cvelistv5 – Published: 2021-04-14 14:23 – Updated: 2024-08-04 16:55
VLAI?
Summary
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
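| URL | Tags |
|---|---|
| https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | x_refsource_MISC |
| https://github.com/OrchardCMS/Orchard/releases | x_refsource_MISC |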
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor\u0027s file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T14:23:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor\u0027s file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html",
"refsource": "MISC",
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"name": "https://github.com/OrchardCMS/Orchard/releases",
"refsource": "MISC",
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29592",
"datePublished": "2021-04-14T14:23:12",
"dateReserved": "2020-12-07T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5520 (GCVE-0-2015-5520)
Vulnerability from cvelistv5 – Published: 2015-07-14 16:00 – Updated: 2024-09-16 18:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
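| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2015/Jul/32 | mailing-list, x_refsource_FULLDISC |
| https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/ | x_refsource_MISC |
| http://docs.orchardproject.net/Documentation/Patch-20150630 | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/37533/ | exploit, x_refsource_EXPLOIT-DB |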
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"name": "20150706 Orchard CMS - Persistent XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"name": "37533",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37533/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-07-14T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"name": "20150706 Orchard CMS - Persistent XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"name": "37533",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37533/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"name": "20150706 Orchard CMS - Persistent XSS vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"name": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/",
"refsource": "MISC",
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"name": "http://docs.orchardproject.net/Documentation/Patch-20150630",
"refsource": "CONFIRM",
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"name": "37533",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37533/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5520",
"datePublished": "2015-07-14T16:00:00Z",
"dateReserved": "2015-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T18:08:13.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3645 (GCVE-0-2013-3645)
Vulnerability from cvelistv5 – Published: 2013-06-14 10:00 – Updated: 2024-09-16 19:47
Summary
Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
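No CVSS data available. The record also lists vendor, product and version as "n/a", so the affected versions are given only in the summary text.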
CWE
- n/a
Assigner
References
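| URL | Tags |
|---|---|
| http://docs.orchardproject.net/Documentation/Patch-4-30-2013 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057 | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN53622030/index.html | third-party-advisory, x_refsource_JVN |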
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"name": "JVNDB-2013-000057",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
},
{
"name": "JVN#53622030",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T10:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"name": "JVNDB-2013-000057",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
},
{
"name": "JVN#53622030",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013",
"refsource": "CONFIRM",
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"name": "JVNDB-2013-000057",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
},
{
"name": "JVN#53622030",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3645",
"datePublished": "2013-06-14T10:00:00Z",
"dateReserved": "2013-05-22T00:00:00Z",
"dateUpdated": "2024-09-16T19:47:14.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5252 (GCVE-0-2011-5252)
Vulnerability from cvelistv5 – Published: 2013-01-12 02:00 – Updated: 2024-08-07 00:30
Summary
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
Severity ?
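No CVSS data available. The record also lists vendor, product and version as "n/a", so the affected versions are given only in the summary text.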
CWE
- n/a
Assigner
References
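| URL | Tags |
|---|---|
| http://secunia.com/advisories/47398 | third-party-advisory, x_refsource_SECUNIA |
| http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/ | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72110 | vdb-entry, x_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/51260 | vdb-entry, x_refsource_BID |
| http://orchard.codeplex.com/discussions/283667 | x_refsource_CONFIRM |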
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47398"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"name": "orchard-returnurl-url-redirection(72110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
},
{
"name": "20120104 Open Redirection Vulnerability in Orchard 1.3.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"name": "51260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51260"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://orchard.codeplex.com/discussions/283667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47398"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"name": "orchard-returnurl-url-redirection(72110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
},
{
"name": "20120104 Open Redirection Vulnerability in Orchard 1.3.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"name": "51260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51260"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://orchard.codeplex.com/discussions/283667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47398"
},
{
"name": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/",
"refsource": "MISC",
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"name": "orchard-returnurl-url-redirection(72110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
},
{
"name": "20120104 Open Redirection Vulnerability in Orchard 1.3.9",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"name": "51260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51260"
},
{
"name": "http://orchard.codeplex.com/discussions/283667",
"refsource": "CONFIRM",
"url": "http://orchard.codeplex.com/discussions/283667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5252",
"datePublished": "2013-01-12T02:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-07T00:30:46.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29593 (GCVE-0-2020-29593)
Vulnerability from nvd – Published: 2021-04-14 14:25 – Updated: 2024-08-04 16:55
Summary
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
Severity ?
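No CVSS data available. The record also lists vendor, product and version as "n/a", so the affected versions are given only in the summary text.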
CWE
- n/a
Assigner
References
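| URL | Tags |
|---|---|
| https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | x_refsource_MISC |
| https://github.com/OrchardCMS/Orchard/releases | x_refsource_MISC |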
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T14:25:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html",
"refsource": "MISC",
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"name": "https://github.com/OrchardCMS/Orchard/releases",
"refsource": "MISC",
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29593",
"datePublished": "2021-04-14T14:25:41",
"dateReserved": "2020-12-07T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29592 (GCVE-0-2020-29592)
Vulnerability from nvd – Published: 2021-04-14 14:23 – Updated: 2024-08-04 16:55
Summary
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
Severity ?
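No CVSS data available. The record also lists vendor, product and version as "n/a", so the affected versions are given only in the summary text.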
CWE
- n/a
Assigner
References
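| URL | Tags |
|---|---|
| https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html | x_refsource_MISC |
| https://github.com/OrchardCMS/Orchard/releases | x_refsource_MISC |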
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor\u0027s file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-14T14:23:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor\u0027s file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html",
"refsource": "MISC",
"url": "https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html"
},
{
"name": "https://github.com/OrchardCMS/Orchard/releases",
"refsource": "MISC",
"url": "https://github.com/OrchardCMS/Orchard/releases"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29592",
"datePublished": "2021-04-14T14:23:12",
"dateReserved": "2020-12-07T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5520 (GCVE-0-2015-5520)
Vulnerability from nvd – Published: 2015-07-14 16:00 – Updated: 2024-09-16 18:08
Summary
Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.
Severity ?
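No CVSS data available. The record also lists vendor, product and version as "n/a", so the affected versions are given only in the summary text.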
CWE
- n/a
Assigner
References
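| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2015/Jul/32 | mailing-list, x_refsource_FULLDISC |
| https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/ | x_refsource_MISC |
| http://docs.orchardproject.net/Documentation/Patch-20150630 | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/37533/ | exploit, x_refsource_EXPLOIT-DB |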
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"name": "20150706 Orchard CMS - Persistent XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"name": "37533",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37533/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-07-14T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"name": "20150706 Orchard CMS - Persistent XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"name": "37533",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37533/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html"
},
{
"name": "20150706 Orchard CMS - Persistent XSS vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/32"
},
{
"name": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/",
"refsource": "MISC",
"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/"
},
{
"name": "http://docs.orchardproject.net/Documentation/Patch-20150630",
"refsource": "CONFIRM",
"url": "http://docs.orchardproject.net/Documentation/Patch-20150630"
},
{
"name": "37533",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37533/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5520",
"datePublished": "2015-07-14T16:00:00Z",
"dateReserved": "2015-07-14T00:00:00Z",
"dateUpdated": "2024-09-16T18:08:13.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3645 (GCVE-0-2013-3645)
Vulnerability from nvd – Published: 2013-06-14 10:00 – Updated: 2024-09-16 19:47
Summary
Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
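No CVSS data available. The record also lists vendor, product and version as "n/a", so the affected versions are given only in the summary text.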
CWE
- n/a
Assigner
References
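| URL | Tags |
|---|---|
| http://docs.orchardproject.net/Documentation/Patch-4-30-2013 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057 | third-party-advisory, x_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN53622030/index.html | third-party-advisory, x_refsource_JVN |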
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"name": "JVNDB-2013-000057",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
},
{
"name": "JVN#53622030",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T10:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"name": "JVNDB-2013-000057",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
},
{
"name": "JVN#53622030",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013",
"refsource": "CONFIRM",
"url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
},
{
"name": "JVNDB-2013-000057",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
},
{
"name": "JVN#53622030",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53622030/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3645",
"datePublished": "2013-06-14T10:00:00Z",
"dateReserved": "2013-05-22T00:00:00Z",
"dateUpdated": "2024-09-16T19:47:14.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5252 (GCVE-0-2011-5252)
Vulnerability from nvd – Published: 2013-01-12 02:00 – Updated: 2024-08-07 00:30
Summary
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
Severity ?
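No CVSS data available. The record also lists vendor, product and version as "n/a", so the affected versions are given only in the summary text.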
CWE
- n/a
Assigner
References
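| URL | Tags |
|---|---|
| http://secunia.com/advisories/47398 | third-party-advisory, x_refsource_SECUNIA |
| http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/ | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72110 | vdb-entry, x_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/51260 | vdb-entry, x_refsource_BID |
| http://orchard.codeplex.com/discussions/283667 | x_refsource_CONFIRM |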
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47398"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"name": "orchard-returnurl-url-redirection(72110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
},
{
"name": "20120104 Open Redirection Vulnerability in Orchard 1.3.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"name": "51260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51260"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://orchard.codeplex.com/discussions/283667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "47398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47398"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"name": "orchard-returnurl-url-redirection(72110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
},
{
"name": "20120104 Open Redirection Vulnerability in Orchard 1.3.9",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"name": "51260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51260"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://orchard.codeplex.com/discussions/283667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47398"
},
{
"name": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/",
"refsource": "MISC",
"url": "http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/"
},
{
"name": "orchard-returnurl-url-redirection(72110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72110"
},
{
"name": "20120104 Open Redirection Vulnerability in Orchard 1.3.9",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html"
},
{
"name": "51260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51260"
},
{
"name": "http://orchard.codeplex.com/discussions/283667",
"refsource": "CONFIRM",
"url": "http://orchard.codeplex.com/discussions/283667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5252",
"datePublished": "2013-01-12T02:00:00",
"dateReserved": "2013-01-11T00:00:00",
"dateUpdated": "2024-08-07T00:30:46.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}