Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by orchardcms
CVE-2022-0822 (GCVE-0-2022-0822)
Vulnerability from nvd – Published: 2022-03-11 00:50 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Severity
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
| https://huntr.dev/bounties/06971613-b6ab-4b96-8aa… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T00:50:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73"
}
],
"source": {
"advisory": "06971613-b6ab-4b96-8aa6-4982bfcfeb73",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0822",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"name": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73"
}
]
},
"source": {
"advisory": "06971613-b6ab-4b96-8aa6-4982bfcfeb73",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0822",
"datePublished": "2022-03-11T00:50:09.000Z",
"dateReserved": "2022-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0821 (GCVE-0-2022-0821)
Vulnerability from nvd – Published: 2022-03-10 23:40 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Improper Authorization in orchardcms/orchardcore
Summary
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Severity
7.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
| https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T23:40:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
}
],
"source": {
"advisory": "0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0821",
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"name": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
}
]
},
"source": {
"advisory": "0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0821",
"datePublished": "2022-03-10T23:40:10.000Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0820 (GCVE-0-2022-0820)
Vulnerability from nvd – Published: 2022-03-10 23:35 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Severity
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d00e7175-4764-4962-ae0… | x_refsource_CONFIRM |
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T23:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
}
],
"source": {
"advisory": "d00e7175-4764-4962-ae0d-a66501dda2e6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0820",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6"
},
{
"name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
}
]
},
"source": {
"advisory": "d00e7175-4764-4962-ae0d-a66501dda2e6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0820",
"datePublished": "2022-03-10T23:35:09.000Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0243 (GCVE-0-2022-0243)
Vulnerability from nvd – Published: 2022-01-19 19:20 – Updated: 2024-08-02 23:18
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
Severity
7.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
| https://huntr.dev/bounties/fa538421-ae55-4288-928… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T12:53:25.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803"
}
],
"source": {
"advisory": "fa538421-ae55-4288-928f-4e96aaed5803",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0243",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
},
{
"name": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803"
}
]
},
"source": {
"advisory": "fa538421-ae55-4288-928f-4e96aaed5803",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0243",
"datePublished": "2022-01-19T19:20:10.000Z",
"dateReserved": "2022-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0274 (GCVE-0-2022-0274)
Vulnerability from nvd – Published: 2022-01-19 18:10 – Updated: 2024-08-02 23:25
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
Severity
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a82a714a-9b71-475e-bfc… | x_refsource_CONFIRM |
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T12:46:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
}
],
"source": {
"advisory": "a82a714a-9b71-475e-bfc3-43326fcaf764",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0274",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764"
},
{
"name": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
}
]
},
"source": {
"advisory": "a82a714a-9b71-475e-bfc3-43326fcaf764",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0274",
"datePublished": "2022-01-19T18:10:11.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0159 (GCVE-0-2022-0159)
Vulnerability from nvd – Published: 2022-01-12 02:55 – Updated: 2024-08-02 23:18
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
7.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/00937280-e2ab-49fe-8d4… | x_refsource_CONFIRM |
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.2.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T02:55:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202"
}
],
"source": {
"advisory": "00937280-e2ab-49fe-8d43-8235b3c3db4b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0159",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b"
},
{
"name": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202"
}
]
},
"source": {
"advisory": "00937280-e2ab-49fe-8d43-8235b3c3db4b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0159",
"datePublished": "2022-01-12T02:55:10.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0822 (GCVE-0-2022-0822)
Vulnerability from cvelistv5 – Published: 2022-03-11 00:50 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Severity
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
| https://huntr.dev/bounties/06971613-b6ab-4b96-8aa… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T00:50:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73"
}
],
"source": {
"advisory": "06971613-b6ab-4b96-8aa6-4982bfcfeb73",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0822",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"name": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/06971613-b6ab-4b96-8aa6-4982bfcfeb73"
}
]
},
"source": {
"advisory": "06971613-b6ab-4b96-8aa6-4982bfcfeb73",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0822",
"datePublished": "2022-03-11T00:50:09.000Z",
"dateReserved": "2022-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0821 (GCVE-0-2022-0821)
Vulnerability from cvelistv5 – Published: 2022-03-10 23:40 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Improper Authorization in orchardcms/orchardcore
Summary
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Severity
7.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
| https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T23:40:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
}
],
"source": {
"advisory": "0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0821",
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
},
{
"name": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0019eb1c-8bf9-4bd0-a27f-aadc173515cb"
}
]
},
"source": {
"advisory": "0019eb1c-8bf9-4bd0-a27f-aadc173515cb",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0821",
"datePublished": "2022-03-10T23:40:10.000Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0820 (GCVE-0-2022-0820)
Vulnerability from cvelistv5 – Published: 2022-03-10 23:35 – Updated: 2024-08-02 23:40
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Severity
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d00e7175-4764-4962-ae0… | x_refsource_CONFIRM |
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T23:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
}
],
"source": {
"advisory": "d00e7175-4764-4962-ae0d-a66501dda2e6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0820",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d00e7175-4764-4962-ae0d-a66501dda2e6"
},
{
"name": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/b7096af1028d8f909f63dd076d1bbd573913a92d"
}
]
},
"source": {
"advisory": "d00e7175-4764-4962-ae0d-a66501dda2e6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0820",
"datePublished": "2022-03-10T23:35:09.000Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0243 (GCVE-0-2022-0243)
Vulnerability from cvelistv5 – Published: 2022-01-19 19:20 – Updated: 2024-08-02 23:18
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
Severity
7.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
| https://huntr.dev/bounties/fa538421-ae55-4288-928… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T12:53:25.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803"
}
],
"source": {
"advisory": "fa538421-ae55-4288-928f-4e96aaed5803",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0243",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
},
{
"name": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fa538421-ae55-4288-928f-4e96aaed5803"
}
]
},
"source": {
"advisory": "fa538421-ae55-4288-928f-4e96aaed5803",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0243",
"datePublished": "2022-01-19T19:20:10.000Z",
"dateReserved": "2022-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0274 (GCVE-0-2022-0274)
Vulnerability from cvelistv5 – Published: 2022-01-19 18:10 – Updated: 2024-08-02 23:25
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
Severity
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a82a714a-9b71-475e-bfc… | x_refsource_CONFIRM |
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T12:46:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
}
],
"source": {
"advisory": "a82a714a-9b71-475e-bfc3-43326fcaf764",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0274",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764"
},
{
"name": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4"
}
]
},
"source": {
"advisory": "a82a714a-9b71-475e-bfc3-43326fcaf764",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0274",
"datePublished": "2022-01-19T18:10:11.000Z",
"dateReserved": "2022-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0159 (GCVE-0-2022-0159)
Vulnerability from cvelistv5 – Published: 2022-01-12 02:55 – Updated: 2024-08-02 23:18
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Summary
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
7.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/00937280-e2ab-49fe-8d4… | x_refsource_CONFIRM |
| https://github.com/orchardcms/orchardcore/commit/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| orchardcms | orchardcms/orchardcore |
Affected:
unspecified , < 1.2.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "orchardcms/orchardcore",
"vendor": "orchardcms",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-12T02:55:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202"
}
],
"source": {
"advisory": "00937280-e2ab-49fe-8d43-8235b3c3db4b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0159",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "orchardcms/orchardcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "orchardcms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/00937280-e2ab-49fe-8d43-8235b3c3db4b"
},
{
"name": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202",
"refsource": "MISC",
"url": "https://github.com/orchardcms/orchardcore/commit/4da927d39a49138527c30db09c962ff706f95202"
}
]
},
"source": {
"advisory": "00937280-e2ab-49fe-8d43-8235b3c3db4b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0159",
"datePublished": "2022-01-12T02:55:10.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}