CVE-2020-37019

Medium

Description

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.

References

https://www.vulncheck.com/advisories/orchard-core-rc-persistent-cross-site-scripting

https://www.exploit-db.com/exploits/48456

https://github.com/OrchardCMS/OrchardCore/issues/5802

https://github.com/OrchardCMS/OrchardCore

http://www.orchardcore.net/

Details

Source: Mitre, NVD

Published: 2026-01-30

Updated: 2026-01-30

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.00071