Orchardproject Orchard — known CVE vulnerabilities
Every CVE whose affected-product data names Orchardproject Orchard, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-29592 — CVSS 9.8 (critical): An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file…
CVE-2011-5252 — CVSS 5.8 (medium): Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x…
CVE-2020-29593 — CVSS 5.4 (medium): An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload…
CVE-2013-3645 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary…
CVE-2015-5520 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers…