Description
OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, which allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.
References (2)
Exploit, Third Party Advisory x_refsource_misc
https://www.mend.io/vulnerability-database/CVE-2022-32173
Patch, Third Party Advisory x_refsource_misc
https://github.com/OrchardCMS/OrchardCore/commit/0163c88ddeaca39815d7e6e5ea1c8391085cc136
Scores
CVSS v3: 5.4
EPSS: 0.0019
EPSS Percentile: 40.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (2)
nuget/OrchardCore: 1.0.0-rc1-11259 - 1.4.0 (NuGet)
orchardcore/orchardcore: 0.0.1 - 1.4.0
Published: Oct 03, 2022
Tracked Since: Feb 18, 2026