Cross-site Scripting (XSS) - Stored in orchardcms/orchardcore
Jan 12th 2022
Proof of Concept
Through this vulnerability, an attacker is capable to execute malicious scripts.
I am sorry because I cannot found ,, code,,
I will evaluate the validity of the issue with other maintainers. This is not straightforward since the feature is supposed to let you be able to write custom HTML links on the front-end (this is a CMS). Outcomes could be to protect this feature behind a specific permission.
..? The vectors I found do not use HTML Injection. This occurs because the
okay! I understood and I'll wait for your answer. Thank You