CVE-2022-32173

UNKNOWN 0.0

OrchardCore - HTML Injection

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.

CWE	CWE-79
Vendor	orchardcore
Product	orchardcore
Published	Oct 3, 2022
Last Updated	Sep 16, 2024

Stay Ahead of the Next One

Get instant alerts for orchardcore orchardcore

Be the first to know when new unknown vulnerabilities affecting orchardcore orchardcore are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OrchardCore / OrchardCore

v0.0.1 < unspecified unspecified ≤ rc2-13929

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mend.io: https://www.mend.io/vulnerability-database/CVE-2022-32173 github.com: https://github.com/OrchardCMS/OrchardCore/commit/0163c88ddeaca39815d7e6e5ea1c8391085cc136

Credits

Mend Vulnerability Research Team (MVR)