Browse all 3 CVE security advisories affecting Orchardcore. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OrchardCore serves as an open-source headless CMS and e-commerce framework built on ASP.NET Core, enabling developers to create modular, customizable web applications. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations or input validation flaws. While no major security incidents have been widely documented, the platform's three recorded CVEs highlight potential risks in its extensibility and third-party module ecosystem. Its modular architecture introduces attack surfaces through plugins and themes, requiring careful configuration and regular updates to mitigate risks. Security-conscious implementations should prioritize input sanitization and proper access controls to address common vulnerabilities in such flexible content management systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-25966 | Orchard Core CMS - Improper Session Termination after Password Change — Users (CWE-613) | 8.8 | High | 2021-10-10 |
This page lists every published CVE security advisory associated with Orchardcore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.