CVE-2020-37019
Orchard Core RC1 - Persistent Cross-Site Scripting
CVSS Score
6.4
EPSS Score
0.0%
EPSS Percentile
0th
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
| CWE | CWE-79 |
| Vendor | orchardcore |
| Product | orchard core |
| Published | Jan 30, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for orchardcore orchard core
Be the first to know when new medium vulnerabilities affecting orchardcore orchard core are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Orchardcore / Orchard Core
1.0
References
exploit-db.com: https://www.exploit-db.com/exploits/48456 orchardcore.net: http://www.orchardcore.net/ github.com: https://github.com/OrchardCMS/OrchardCore github.com: https://github.com/OrchardCMS/OrchardCore/issues/5802 vulncheck.com: https://www.vulncheck.com/advisories/orchard-core-rc-persistent-cross-site-scripting
Credits
SunCSR (Sun* Cyber Security Research)