An issue exists in Orchard prior to 1.10. The Media Settings Allowed File Types list field allows an malicious user to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orchardproject orchard |