CVE-2020-37019
Unknown Unknown - Not Provided
Persistent XSS in Orchard Core RC1 Blog Post MarkdownBodyPart

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: VulnCheck

Description
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim browsers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37019
EUVD
EUVD-2020-30959
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
orchardcms orchardcore to 1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37019 is a persistent cross-site scripting (XSS) vulnerability in Orchard Core RC1. It allows remote attackers to inject malicious JavaScript code through the MarkdownBodyPart.Source parameter when creating blog posts. This malicious script is stored and later executed in the browsers of users who view the compromised blog post, enabling arbitrary script execution. [2, 3]

Impact Analysis

This vulnerability can lead to attackers executing arbitrary scripts in the browsers of users who view the infected blog posts. Potential impacts include session hijacking, theft of sensitive information, unauthorized actions performed on behalf of the user, and other malicious activities that compromise user security and privacy. [2, 3]

Detection Guidance

This vulnerability can be detected by monitoring HTTP POST requests to the endpoint `/Admin/Contents/ContentTypes/BlogPost/Create` for suspicious payloads containing script tags or JavaScript code in the `MarkdownBodyPart.Source` parameter. For example, you can use network traffic inspection tools or web server logs to search for POST requests with payloads like `<script>alert(document.cookie)</script>`. A command example using grep on web server logs could be: `grep -i '<script>' /path/to/access.log | grep '/Admin/Contents/ContentTypes/BlogPost/Create'`. Additionally, scanning for the presence of stored scripts in blog posts rendered by Orchard Core could help identify exploitation. [2]

Mitigation Strategies

Immediate mitigation steps include applying the vendor-provided hotfix or patch that restricts rendering of <script> tags by default in content parts, as discussed in the Orchard Core GitHub issue #5802. Ensure that only authorized users (Editors) have permission to edit front-end templates and inject custom scripts, while restricting Contributors from doing so. Implement filtering or sanitization of input in the `MarkdownBodyPart.Source` parameter to prevent script injection. If a patch is not yet applied, consider disabling blog post creation or editing features for untrusted users until the fix is deployed. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37019. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart