Orchard Security Update
Background
On April 30, 2013 we released a security update for a discovered non-persistent XSS vulnerability targeting all versions of Orchard. For more information on this kind of vulnerability please read this http://en.wikipedia.org/wiki/Cross-site_scripting.
For the official announcement please read http://docs.orchardproject.net/Documentation/Patch-4-30-2013
Issue
The Comments module provided by default Orchard could in some circumstances let an external website render custom scripts on an Orchard website. As a matter of fact you should never click on buttons from untrusted websites. This vulnerability might ultimately be used to gather your credentials if you further authenticate on the targeted Orchard website.
Action required
Apply the patches provided for your version on the http://orchard.codeplex.com websites in the Downloads section, or update to Orchard 1.6.1.
Mitigation
- If you don't use the Comments module in Orchard, you can simply disable it in the Modules section of the Dashboard.
- If your theme doesn't render the Messages zone, you are also safe, even if the Comments module is activated.
I visit this blog first time and motivate by this well done work.I am really impressed with this blog. It is easy to see that you are passionate about your writing. If only I had your writing ability I look forward to more updates. Extraordinary post keeps up posting such incredible data.Great tips.Thanks for the ideas.
I am so intetrested about this because a friend recommneded this to me.
We obtain education for the growth of body, mind and soul together. As there is close joining among the three terms.
obviously like your web-site however you have to take a look at
the spelling on several of your posts. Many of
them are rife with spelling issues and I to find it very troublesome to
tell the truth however I will certainly come back again.
Pretty nice post. I just stumbled upon your blog and
wished to say that I've really enjoyed browsing your blog
posts. After all I'll be subscribing to your rss feed and I hope you write again very soon!
Hi to all, how is all, I think every one is getting more
from this web page, and your views are pleasant in favor of new people.
I read this article completely concerning the comparison of
newest and earlier technologies, it's awesome article.
Hello colleagues, its enormous post on the topic of teachingand fully explained,
keep it up all the time.
If you are going for best contents like myself, only go to see this site
every day because it offers feature contents,
thanks
I enjoy reading an article that will make men and women think.
Also, thanks for allowing me to comment!
If you want to obtain much from this article then you have to apply these strategies to your won weblog.
It's a pity you don't have a donate button! I'd most certainly donate to this brilliant blog!
I suppose for now i'll settle for book-marking and adding
your RSS feed to my Google account. I look forward to brand
new updates and will talk about this website with my Facebook group.
Chat soon!
It's very straightforward to find out any topic on web as compared to textbooks, as I
found this article at this website.
I really like what you guys are usually up too.
This kind of clever work and reporting! Keep up the awesome works
guys I've added you guys to our blogroll.
You made some really good points there. I checked on the net for additional information about the issue and found most
individuals will go along with your views on this website.
Write more, thats all I have to say. Literally, it seems as though you
relied on the video to make your point. You clearly know what
youre talking about, why waste your intelligence on just posting videos to your blog when you could be giving
us something enlightening to read?
Have you ever considered about adding a little bit more than just
your articles? I mean, what you say is important and everything.
But imagine if you added some great graphics or videos to give
your posts more, "pop"! Your content is excellent but with images and clips, this
site could definitely be one of the greatest in its niche.
Great blog!
This web site certainly has all of the info
I needed concerning this subject and didn't know who to ask.
Every weekend i used to pay a visit this web site, for the reason that i wish for enjoyment, since
this this site conations actually pleasant funny information too.
I blog frequently and I seriously appreciate your content.
This article has really peaked my interest. I'm going to book mark your
website and keep checking for new information about once a
week. I opted in for your RSS feed as well.
Hello there! I know this is somewhat off topic but
I was wondering if you knew where I could get a captcha plugin for my comment
form? I'm using the same blog platform as yours and I'm having difficulty finding one?
Thanks a lot!
Good way of telling, and good post to get facts regarding my presentation focus, which i am going to
convey in academy.
Quality articles is the main to interest the viewers to
go to see the site, that's what this site is providing.
Keep on working, great job!
I read this piece of writing fully about the difference of
hottest and earlier technologies, it's amazing article.
I'm gone to inform my little brother, that he should also pay a visit this weblog on regular basis to take
updated from hottest news update.
You really make it seem so easy with your presentation but I find this matter to be actually something which
I think I would never understand. It seems too complicated and extremely broad
for me. I am looking forward for your next post, I will try to get
the hang of it!
It's awesome in favor of me to have a website, which is
helpful in favor of my knowledge. thanks admin
I've been browsing online more than 3 hours today, yet I never found any interesting article like yours.
It is pretty worth enough for me. In my view, if all site owners and bloggers made good content
as you did, the web will be much more useful than ever before.
This piece of writing offers clear idea in favor of the new visitors of blogging, that genuinely
how to do blogging.
I will immediately seize your rss feed as I can't in finding your e-mail subscription link or e-newsletter
service. Do you have any? Kindly allow me realize
so that I may subscribe. Thanks.
Its like you read my mind! You appear to know so much about
this, like you wrote the book in it or something.
I think that you could do with a few pics to drive the message home a bit, but other than that, this is magnificent blog.
A great read. I'll definitely be back.
I like the helpful info you provide in your articles.
I'll bookmark your weblog and check again here regularly.
I'm quite sure I will learn a lot of new stuff right here!
Good luck for the next!
I absolutely love your blog and find most of your post's to be just what I'm looking for.
Does one offer guest writers to write content for you
personally? I wouldn't mind composing a post or elaborating on some of the subjects you write concerning here.
Again, awesome site!
Wow, marvelous blog layout! How long have you been blogging for?
you make blogging look easy. The overall look of your site is magnificent,
as well as the content!
Greate article. Keep posting such kind of information on your site.
Im really impressed by it.
Hi there, You have performed a fantastic job. I'll definitely digg it and in my opinion suggest to my friends.
I am sure they will be benefited from this site.
I know this web page offers quality dependent content and extra data, is there
any other site which presents these data in quality?
Hello! This post couldn't be written any better! Reading this post
reminds me of my good old room mate! He always kept chatting about this.
I will forward this write-up to him. Fairly certain he will have a good read.
Thank you for sharing!
Hi there! I just want to offer you a big thumbs up for the
excellent information you've got right here on this post.
I will be coming back to your blog for more soon.
Touche. Outstanding arguments. Keep up the good effort.
An outstanding share! I've just forwarded this onto a
friend who has been doing a little research on this.
And he actually bought me dinner due to the fact that I found it for him...
lol. So let me reword this.... Thank YOU for the meal!!
But yeah, thanx for spending the time to talk about
this matter here on your internet site.
Hiya! Quick question that's totally off topic. Do you know how to
make your site mobile friendly? My website looks weird when viewing from my iphone4.
I'm trying to find a template or plugin that might be able to fix this issue.
If you have any suggestions, please share.
Cheers!
Hi there! This post couldn't be written any better! Looking at
this post reminds me of my previous roommate! He continually
kept preaching about this. I am going to send this article to him.
Pretty sure he'll have a very good read. I appreciate you for sharing!
Hello There. I found your weblog the usage of
msn. That is an extremely well written article.
I will make sure to bookmark it and come back to read more of your useful information. Thanks for the
post. I'll definitely comeback.
When I originally commented I clicked the "Notify me when new comments are added" checkbox and now
each time a comment is added I get three e-mails with the same comment.
Is there any way you can remove me from that service?
Cheers!
Write more, thats all I have to say. Literally, it seems as though you relied on the video to make
your point. You obviously know what youre talking about, why waste your intelligence on just posting videos to your site when you could be giving us something informative to read?
My partner and I stumbled over here by a different web page and
thought I may as well check things out. I like what I see so now i'm following
you. Look forward to looking at your web page repeatedly.
Great article.
Wow that was odd. I just wrote an very long comment but
after I clicked submit my comment didn't show up.
Grrrr... well I'm not writing all that over again. Anyways, just wanted
to say fantastic blog!
My developer is trying to convince me to move to .net from
PHP. I have always disliked the idea because of the expenses.
But he's tryiong none the less. I've been using WordPress on various websites for
about a year and am worried about switching to another platform.
I have heard excellent things about blogengine.net. Is there a way I can transfer all my wordpress content into it?
Any kind of help would be greatly appreciated!
I am in fact happy to read this website posts which consists of
plenty of helpful facts, thanks for providing these kinds of data.
Greetings! Very useful advice within this post! It's the little changes that will
make the most significant changes. Thanks for sharing!
Why viewers still make use of to read news papers when in this technological world everything
is presented on net?
Keep on working, great job!
Thanks for sharing your thoughts about ps4 games release.
Regards
I was recommended this website via my cousin. I am now not positive whether this publish is written via him
as no one else recognise such unique about my trouble.
You are amazing! Thank you!
Excellent blog right here! Additionally your website a lot up very fast!
What web host are you the use of? Can I am getting your
affiliate hyperlink in your host? I desire my website loaded up
as quickly as yours lol
Hello, Neat post. There is an issue with your web site in web explorer, would check this?
IE nonetheless is the market leader and a large component of other people will omit your magnificent writing
because of this problem.
Very nice article, exactly what I was looking for.
I'm not sure why but this site is loading very slow for me.
Is anyone else having this issue or is it a issue on my end?
I'll check back later on and see if the problem still exists.
Hello! I just wanted to ask if you ever have any trouble with hackers?
My last blog (wordpress) was hacked and I ended up losing months of hard work due to no backup.
Do you have any methods to protect against hackers?
Excellent article. Keep posting such kind of information on your site.
Im really impressed by your blog.
Hello there, You have performed a great job. I will definitely digg
it and in my opinion recommend to my friends.
I am confident they will be benefited from this site.
We are a group of volunteers and starting a new scheme
in our community. Your site provided us
with useful info to work on. You have done a formidable task and our
entire neighborhood can be grateful to you.
Hiya! Quick question that's entirely off topic. Do you know how to make your site mobile friendly?
My web site looks weird when browsing from my iphone4.
I'm trying to find a theme or plugin that might be able to fix this problem.
If you have any suggestions, please share. Thanks!
I think what you posted made a ton of sense. However, think about this, what if you added a little information? I ain't saying your
information isn't solid., but what if you added a post title that grabbed a person's attention? I mean Orchard
Security Update is a little plain. You should look at Yahoo's front page and note how they create news titles to
grab people interested. You might add a related video or a related picture
or two to get people excited about everything've got to say.
Just my opinion, it might make your website a little livelier.
It is the best time to make some plans for
the future and it's time to be happy. I've read this post and if I could I desire to suggest you some interesting things
or suggestions. Perhaps you could write next articles referring to this article.
I wish to read even more things about it!
The other day, while I was at work, my cousin stole my iPad and tested
to see if it can survive a 30 foot drop, just so she can be a youtube sensation. My apple
ipad is now broken and she has 83 views. I know this
is totally off topic but I had to share it with someone!
I'm not sure where you are getting your info, but great
topic. I needs to spend some time learning more or understanding more.
Thanks for fantastic information I was looking for this information for my mission.
What's up, after reading this awesome paragraph i am also cheerful to share my knowledge here with friends.