彙總 orchardcore 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2020-37019 | Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers. | [email protected] | 5.1 | 0.40% | 2026-01-30 | 2026-06-16 |
| CVE-2022-37720 | Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. | [email protected] | 9.0 | 0.77% | 2022-11-25 | 2026-07-08 |
| CVE-2022-32173 | In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. | [email protected] | 5.4 | 0.51% | 2022-10-03 | 2026-06-17 |
| CVE-2022-0822 | Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. | [email protected] | 5.4 | 0.61% | 2022-03-10 | 2026-06-17 |
| CVE-2022-0821 | Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | [email protected] | 6.5 | 0.73% | 2022-03-10 | 2026-06-17 |
| CVE-2022-0820 | Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. | [email protected] | 6.1 | 0.73% | 2022-03-10 | 2026-06-17 |
| CVE-2022-0243 | Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. | [email protected] | 5.4 | 0.64% | 2022-01-19 | 2026-06-17 |
| CVE-2022-0274 | Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. | [email protected] | 5.4 | 0.57% | 2022-01-19 | 2026-06-17 |
| CVE-2022-0159 | orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | [email protected] | 5.4 | 0.63% | 2022-01-11 | 2026-06-17 |
| CVE-2021-25966 | In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. | [email protected] | 8.8 | 1.02% | 2021-10-10 | 2026-06-16 |