CVE-2022-0822 MEDIUM

CVE-2022-0822: Cross-site Scripting (XSS) - Reflected in orchardcms/orchardcore

Vendor Orchardcms
Product orchardcms/orchardcore
Weakness CWE-79 · XSS
Published March 11, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.

Key dates

02Disclosure timeline

March 11, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-2433 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage CVE-2025-50042 WordPress WP Register Profile With Shortcode plugin <= 3.6.3 - Cross Site Scripting (XSS) Vulnerability CVE-2025-14125 Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] CVE-2022-39035 Smart eVision - Stored XSS CVE-2023-2318 MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution