CNNVD-202601-5062 Information
CNNVD ID
CNNVD-202601-5062
Related CVE
- CNNVD Published: 2026-01-30
Description (Chinese)
Orchard Core是美国Orchard Core公司的一个使用 Asp.Net Core 构建的开源模块化和多租户应用程序框架,以及构建在该框架之上的内容管理系统 (Cms)。 Orchard Core RC1版本存在跨站脚本漏洞,该漏洞源于博客创建时对MarkdownBodyPart.Source参数输入清理不当,可能导致存储型跨站脚本攻击。
Description (English)
Orchard Core is an open-source modularization and multi-tenant application framework built using Asp.Net Core and a content management system (Cms) built on that framework. Orchard Core RC1 has a cross-site script loophole, which stems from the inappropriate clean-up of MarkdownBodyPart.Source parameters at the time the blog was created, which could lead to storage-type cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Orchard Core
Published
2026-01-30
Last Modified
2026-02-24
References
http://www.orchardcore.net/ https://github.com/OrchardCMS/OrchardCore https://github.com/OrchardCMS/OrchardCore/issues/5802 https://www.exploit-db.com/exploits/48456 https://www.vulncheck.com/advisories/orchard-core-rc-persistent-cross-site-scripting
Share on: