orchardcore 漏洞與 CVE 列表(10)

產品(CPE): — CVE 數: 10

orchardcore 漏洞概覽

彙總 orchardcore 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 11010 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2020-37019 Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers. [email protected] 5.1 0.40% 2026-01-30 2026-06-16
CVE-2022-37720 Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. [email protected] 9.0 0.77% 2022-11-25 2026-07-08
CVE-2022-32173 In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. [email protected] 5.4 0.51% 2022-10-03 2026-06-17
CVE-2022-0822 Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. [email protected] 5.4 0.61% 2022-03-10 2026-06-17
CVE-2022-0821 Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. [email protected] 6.5 0.73% 2022-03-10 2026-06-17
CVE-2022-0820 Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. [email protected] 6.1 0.73% 2022-03-10 2026-06-17
CVE-2022-0243 Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. [email protected] 5.4 0.64% 2022-01-19 2026-06-17
CVE-2022-0274 Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. [email protected] 5.4 0.57% 2022-01-19 2026-06-17
CVE-2022-0159 orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [email protected] 5.4 0.63% 2022-01-11 2026-06-17
CVE-2021-25966 In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. [email protected] 8.8 1.02% 2021-10-10 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence