CVE-2022-0274: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 21, 2022

Cross-site Scripting (XSS) in NuGet OrchardCore.Application.Cms.Targets.

References

github.com/advisories/GHSA-r8hp-5m7c-jhv4
github.com/orchardcms/orchardcore/commit/218f25ddfadb66a54de7a82dffe3ab2e4ab7c4b4
huntr.dev/bounties/a82a714a-9b71-475e-bfc3-43326fcaf764
nvd.nist.gov/vuln/detail/CVE-2022-0274

Code Behaviors & Features

Detect and mitigate CVE-2022-0274 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →