Vulnerability Details CVE-2020-29593
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-29593
-
cpe:2.3:a:orchardproject:orchard:0.1
-
cpe:2.3:a:orchardproject:orchard:0.5
-
cpe:2.3:a:orchardproject:orchard:0.8
-
cpe:2.3:a:orchardproject:orchard:0.9
-
cpe:2.3:a:orchardproject:orchard:1.0
-
cpe:2.3:a:orchardproject:orchard:1.0.20
-
cpe:2.3:a:orchardproject:orchard:1.1
-
cpe:2.3:a:orchardproject:orchard:1.1.30
-
cpe:2.3:a:orchardproject:orchard:1.2
-
cpe:2.3:a:orchardproject:orchard:1.2.41
-
cpe:2.3:a:orchardproject:orchard:1.3
-
cpe:2.3:a:orchardproject:orchard:1.3.10
-
cpe:2.3:a:orchardproject:orchard:1.3.9
-
cpe:2.3:a:orchardproject:orchard:1.4
-
cpe:2.3:a:orchardproject:orchard:1.5
-
cpe:2.3:a:orchardproject:orchard:1.5.1
-
cpe:2.3:a:orchardproject:orchard:1.6
-
cpe:2.3:a:orchardproject:orchard:1.7.3
-
cpe:2.3:a:orchardproject:orchard:1.8
-
cpe:2.3:a:orchardproject:orchard:1.8.1
-
cpe:2.3:a:orchardproject:orchard:1.8.2
-
cpe:2.3:a:orchardproject:orchard:1.9