PT-2021-11696 · Orchard · Orchard
Burninator
·
Published
2021-04-14
·
Updated
2021-04-21
·
CVE-2020-29593
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Orchard versions prior to 1.10
Description:
An issue was discovered in the Media Settings Allowed File Types list field, allowing an attacker to add a XSS payload. This payload will execute when users attempt to upload a disallowed file type, causing the error to display.
Recommendations:
For versions prior to 1.10, update to version 1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the Media Settings Allowed File Types list field to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Orchard