GHSA-5gg9-gwj4-mqmj

Source

https://github.com/advisories/GHSA-5gg9-gwj4-mqmj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-5gg9-gwj4-mqmj/GHSA-5gg9-gwj4-mqmj.json

Aliases

CVE-2022-32173

Published

2022-10-04T00:00:20Z

Modified

2023-11-08T04:09:34.901163Z

Details

OrchardCore versions starting with 1.0.0-rc1-11259 and prior to 1.4.0 are vulnerable to HTML injection. The vulnerability allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users. Version 1.4.0 contains a patch.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-32173
https://github.com/OrchardCMS/OrchardCore/pull/11729
https://github.com/OrchardCMS/OrchardCore/commit/0163c88ddeaca39815d7e6e5ea1c8391085cc136
https://github.com/OrchardCMS/OrchardCore
https://www.mend.io/vulnerability-database/CVE-2022-32173

Affected packages

NuGet / OrchardCore

Package

Name: OrchardCore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0-rc1-11259

Fixed

1.4.0

Affected versions

1.*

1.0.0-rc2-13450

1.0.0

1.1.0

1.2.0

1.2.1

1.2.2

1.3.0