CVE-2022-32173

CVE-2022-32173: OrchardCore - HTML Injection

Vendor Orchardcore

Product OrchardCore

Weakness CWE-79 · XSS

Published October 3, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.

Key dates

02Disclosure timeline

October 3, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-32173 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-33299 OpenEMR has Stored XSS in patient encounter Eye Exam form answers CVE-2022-42786 Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family CVE-2024-12119 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size CVE-2026-24671 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields CVE-2022-1569 WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting

Identifiers

CVE CVE-2022-32173

CWE CWE-79

Affected versions

Vendor Orchardcore

Product OrchardCore

Affected ≥ v0.0.1 and < unspecified

Vendor Orchardcore

Product OrchardCore

Affected ≥ unspecified and ≤ rc2-13929