Orchard Security Update
Background
On April 30, 2013 we released a security update for a discovered non-persistent XSS vulnerability targeting all versions of Orchard. For more information on this kind of vulnerability please read this http://en.wikipedia.org/wiki/Cross-site_scripting.
For the official announcement please read http://docs.orchardproject.net/Documentation/Patch-4-30-2013
Issue
The Comments module provided by default Orchard could in some circumstances let an external website render custom scripts on an Orchard website. As a matter of fact you should never click on buttons from untrusted websites. This vulnerability might ultimately be used to gather your credentials if you further authenticate on the targeted Orchard website.
Action required
Apply the patches provided for your version on the http://orchard.codeplex.com websites in the Downloads section, or update to Orchard 1.6.1.
Mitigation
- If you don't use the Comments module in Orchard, you can simply disable it in the Modules section of the Dashboard.
- If your theme doesn't render the Messages zone, you are also safe, even if the Comments module is activated.
I visit this blog first time and motivate by this well done work.I am really impressed with this blog. It is easy to see that you are passionate about your writing. If only I had your writing ability I look forward to more updates. Extraordinary post keeps up posting such incredible data.Great tips.Thanks for the ideas.
I am so intetrested about this because a friend recommneded this to me.
We obtain education for the growth of body, mind and soul together. As there is close joining among the three terms.
obviously like your web-site however you have to take a look at
the spelling on several of your posts. Many of
them are rife with spelling issues and I to find it very troublesome to
tell the truth however I will certainly come back again.
Pretty nice post. I just stumbled upon your blog and
wished to say that I've really enjoyed browsing your blog
posts. After all I'll be subscribing to your rss feed and I hope you write again very soon!
Hi to all, how is all, I think every one is getting more
from this web page, and your views are pleasant in favor of new people.
I read this article completely concerning the comparison of
newest and earlier technologies, it's awesome article.
Hello colleagues, its enormous post on the topic of teachingand fully explained,
keep it up all the time.
If you are going for best contents like myself, only go to see this site
every day because it offers feature contents,
thanks
I enjoy reading an article that will make men and women think.
Also, thanks for allowing me to comment!
If you want to obtain much from this article then you have to apply these strategies to your won weblog.
It's a pity you don't have a donate button! I'd most certainly donate to this brilliant blog!
I suppose for now i'll settle for book-marking and adding
your RSS feed to my Google account. I look forward to brand
new updates and will talk about this website with my Facebook group.
Chat soon!
It's very straightforward to find out any topic on web as compared to textbooks, as I
found this article at this website.
I really like what you guys are usually up too.
This kind of clever work and reporting! Keep up the awesome works
guys I've added you guys to our blogroll.
You made some really good points there. I checked on the net for additional information about the issue and found most
individuals will go along with your views on this website.
Write more, thats all I have to say. Literally, it seems as though you
relied on the video to make your point. You clearly know what
youre talking about, why waste your intelligence on just posting videos to your blog when you could be giving
us something enlightening to read?
Have you ever considered about adding a little bit more than just
your articles? I mean, what you say is important and everything.
But imagine if you added some great graphics or videos to give
your posts more, "pop"! Your content is excellent but with images and clips, this
site could definitely be one of the greatest in its niche.
Great blog!
This web site certainly has all of the info
I needed concerning this subject and didn't know who to ask.
Every weekend i used to pay a visit this web site, for the reason that i wish for enjoyment, since
this this site conations actually pleasant funny information too.
I blog frequently and I seriously appreciate your content.
This article has really peaked my interest. I'm going to book mark your
website and keep checking for new information about once a
week. I opted in for your RSS feed as well.
Hello there! I know this is somewhat off topic but
I was wondering if you knew where I could get a captcha plugin for my comment
form? I'm using the same blog platform as yours and I'm having difficulty finding one?
Thanks a lot!
Good way of telling, and good post to get facts regarding my presentation focus, which i am going to
convey in academy.
Quality articles is the main to interest the viewers to
go to see the site, that's what this site is providing.
Keep on working, great job!
I read this piece of writing fully about the difference of
hottest and earlier technologies, it's amazing article.
I'm gone to inform my little brother, that he should also pay a visit this weblog on regular basis to take
updated from hottest news update.
You really make it seem so easy with your presentation but I find this matter to be actually something which
I think I would never understand. It seems too complicated and extremely broad
for me. I am looking forward for your next post, I will try to get
the hang of it!
It's awesome in favor of me to have a website, which is
helpful in favor of my knowledge. thanks admin
I've been browsing online more than 3 hours today, yet I never found any interesting article like yours.
It is pretty worth enough for me. In my view, if all site owners and bloggers made good content
as you did, the web will be much more useful than ever before.
This piece of writing offers clear idea in favor of the new visitors of blogging, that genuinely
how to do blogging.
I will immediately seize your rss feed as I can't in finding your e-mail subscription link or e-newsletter
service. Do you have any? Kindly allow me realize
so that I may subscribe. Thanks.
Its like you read my mind! You appear to know so much about
this, like you wrote the book in it or something.
I think that you could do with a few pics to drive the message home a bit, but other than that, this is magnificent blog.
A great read. I'll definitely be back.
I like the helpful info you provide in your articles.
I'll bookmark your weblog and check again here regularly.
I'm quite sure I will learn a lot of new stuff right here!
Good luck for the next!
I absolutely love your blog and find most of your post's to be just what I'm looking for.
Does one offer guest writers to write content for you
personally? I wouldn't mind composing a post or elaborating on some of the subjects you write concerning here.
Again, awesome site!
Wow, marvelous blog layout! How long have you been blogging for?
you make blogging look easy. The overall look of your site is magnificent,
as well as the content!
Greate article. Keep posting such kind of information on your site.
Im really impressed by it.
Hi there, You have performed a fantastic job. I'll definitely digg it and in my opinion suggest to my friends.
I am sure they will be benefited from this site.
I know this web page offers quality dependent content and extra data, is there
any other site which presents these data in quality?
Hello! This post couldn't be written any better! Reading this post
reminds me of my good old room mate! He always kept chatting about this.
I will forward this write-up to him. Fairly certain he will have a good read.
Thank you for sharing!
Hi there! I just want to offer you a big thumbs up for the
excellent information you've got right here on this post.
I will be coming back to your blog for more soon.
Touche. Outstanding arguments. Keep up the good effort.
An outstanding share! I've just forwarded this onto a
friend who has been doing a little research on this.
And he actually bought me dinner due to the fact that I found it for him...
lol. So let me reword this.... Thank YOU for the meal!!
But yeah, thanx for spending the time to talk about
this matter here on your internet site.
Hiya! Quick question that's totally off topic. Do you know how to
make your site mobile friendly? My website looks weird when viewing from my iphone4.
I'm trying to find a template or plugin that might be able to fix this issue.
If you have any suggestions, please share.
Cheers!
Hi there! This post couldn't be written any better! Looking at
this post reminds me of my previous roommate! He continually
kept preaching about this. I am going to send this article to him.
Pretty sure he'll have a very good read. I appreciate you for sharing!
Hello There. I found your weblog the usage of
msn. That is an extremely well written article.
I will make sure to bookmark it and come back to read more of your useful information. Thanks for the
post. I'll definitely comeback.
When I originally commented I clicked the "Notify me when new comments are added" checkbox and now
each time a comment is added I get three e-mails with the same comment.
Is there any way you can remove me from that service?
Cheers!
Write more, thats all I have to say. Literally, it seems as though you relied on the video to make
your point. You obviously know what youre talking about, why waste your intelligence on just posting videos to your site when you could be giving us something informative to read?
My partner and I stumbled over here by a different web page and
thought I may as well check things out. I like what I see so now i'm following
you. Look forward to looking at your web page repeatedly.
Great article.
Wow that was odd. I just wrote an very long comment but
after I clicked submit my comment didn't show up.
Grrrr... well I'm not writing all that over again. Anyways, just wanted
to say fantastic blog!
My developer is trying to convince me to move to .net from
PHP. I have always disliked the idea because of the expenses.
But he's tryiong none the less. I've been using WordPress on various websites for
about a year and am worried about switching to another platform.
I have heard excellent things about blogengine.net. Is there a way I can transfer all my wordpress content into it?
Any kind of help would be greatly appreciated!
I am in fact happy to read this website posts which consists of
plenty of helpful facts, thanks for providing these kinds of data.
Greetings! Very useful advice within this post! It's the little changes that will
make the most significant changes. Thanks for sharing!
Why viewers still make use of to read news papers when in this technological world everything
is presented on net?
Keep on working, great job!
Thanks for sharing your thoughts about ps4 games release.
Regards
I was recommended this website via my cousin. I am now not positive whether this publish is written via him
as no one else recognise such unique about my trouble.
You are amazing! Thank you!
Excellent blog right here! Additionally your website a lot up very fast!
What web host are you the use of? Can I am getting your
affiliate hyperlink in your host? I desire my website loaded up
as quickly as yours lol
Hello, Neat post. There is an issue with your web site in web explorer, would check this?
IE nonetheless is the market leader and a large component of other people will omit your magnificent writing
because of this problem.
Very nice article, exactly what I was looking for.
I'm not sure why but this site is loading very slow for me.
Is anyone else having this issue or is it a issue on my end?
I'll check back later on and see if the problem still exists.
Hello! I just wanted to ask if you ever have any trouble with hackers?
My last blog (wordpress) was hacked and I ended up losing months of hard work due to no backup.
Do you have any methods to protect against hackers?
Excellent article. Keep posting such kind of information on your site.
Im really impressed by your blog.
Hello there, You have performed a great job. I will definitely digg
it and in my opinion recommend to my friends.
I am confident they will be benefited from this site.
We are a group of volunteers and starting a new scheme
in our community. Your site provided us
with useful info to work on. You have done a formidable task and our
entire neighborhood can be grateful to you.
Hiya! Quick question that's entirely off topic. Do you know how to make your site mobile friendly?
My web site looks weird when browsing from my iphone4.
I'm trying to find a theme or plugin that might be able to fix this problem.
If you have any suggestions, please share. Thanks!
I think what you posted made a ton of sense. However, think about this, what if you added a little information? I ain't saying your
information isn't solid., but what if you added a post title that grabbed a person's attention? I mean Orchard
Security Update is a little plain. You should look at Yahoo's front page and note how they create news titles to
grab people interested. You might add a related video or a related picture
or two to get people excited about everything've got to say.
Just my opinion, it might make your website a little livelier.
It is the best time to make some plans for
the future and it's time to be happy. I've read this post and if I could I desire to suggest you some interesting things
or suggestions. Perhaps you could write next articles referring to this article.
I wish to read even more things about it!
The other day, while I was at work, my cousin stole my iPad and tested
to see if it can survive a 30 foot drop, just so she can be a youtube sensation. My apple
ipad is now broken and she has 83 views. I know this
is totally off topic but I had to share it with someone!
I'm not sure where you are getting your info, but great
topic. I needs to spend some time learning more or understanding more.
Thanks for fantastic information I was looking for this information for my mission.
What's up, after reading this awesome paragraph i am also cheerful to share my knowledge here with friends.
For latest news you have to pay a visit web and on the web I found this site as a most excellent web page for newest updates.
Thanks designed for sharing such a good thought, post is good, thats why i have read it entirely
May I simply say what a comfort to discover somebody that actually
understands what they are discussing online. You actually realize how
to bring a problem to light and make it important.
More and more people really need to read this and understand this side of the story.
It's surprising you aren't more popular because you surely possess the gift.
Hello there, I do think your blog might be having
internet browser compatibility problems. When I take a look at your web site in Safari, it looks fine however, when opening in IE, it's got some overlapping issues.
I merely wanted to give you a quick heads up! Apart from that, great blog!
Magnificent goods from you, man. I've understand your stuff previous to and you're just
extremely wonderful. I really like what you have acquired
here, really like what you're stating and the way in which you say it.
You make it enjoyable and you still care for
to keep it wise. I can't wait to read far more from you.
This is actually a great website.
If some one wants expert view about running a blog then i suggest
him/her to pay a quick visit this website, Keep up the
pleasant job.
There is certainly a lot to learn about this topic.
I like all of the points you made.
This paragraph is actually a pleasant one it
assists new web viewers, who are wishing in favor of blogging.
Howdy would you mind letting me know which webhost you're working with?
I've loaded your blog in 3 different browsers and I
must say this blog loads a lot quicker then most.
Can you recommend a good web hosting provider at a reasonable price?
Many thanks, I appreciate it!
Hi there! This post could not be written any better!
Looking through this post reminds me of my previous roommate!
He continually kept talking about this. I most
certainly will forward this information to him.
Pretty sure he'll have a very good read. I appreciate you for sharing!
When I initially commented I seem to have clicked the -Notify me
when new comments are added- checkbox and from now on every time a comment is added I get four emails with the same comment.
Perhaps there is a way you are able to remove me from that service?
Many thanks!
Awesome post.
Good day! I know this is kinda off topic but I'd figured I'd ask.
Would you be interested in exchanging links or maybe
guest writing a blog article or vice-versa? My site covers a lot of
the same topics as yours and I believe we could greatly benefit from each other.
If you're interested feel free to send me an e-mail. I
look forward to hearing from you! Wonderful blog by
the way!
Wonderful article! We are linking to this particularly great post on our site.
Keep up the good writing.
Pretty nice post. I simply stumbled upon your weblog
and wished to mention that I have truly loved browsing your weblog posts.
In any case I will be subscribing for your rss feed and
I'm hoping you write once more soon!
Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically tweet my
newest twitter updates. I've been looking for a plug-in like this for quite some time and was hoping maybe you would
have some experience with something like this. Please let me know
if you run into anything. I truly enjoy reading your blog and I look forward
to your new updates.
Fastidious answers in return of this matter with genuine arguments and explaining all about
that.
This is a great tip especially to those new to the blogosphere.
Simple but very precise info… Many thanks for sharing this one.
A must read article!
Spot on with this write-up, I truly believe this web site
needs far more attention. I'll probably be returning to read more, thanks for the advice!
Currently it appears like Expression Engine is the preferred blogging platform available right now.
(from what I've read) Is that what you're using on your blog?
Hey! Someone in my Myspace group shared this website
with us so I came to look it over. I'm definitely loving the
information. I'm book-marking and will be tweeting this to my followers!
Superb blog and wonderful design.
I think what you typed was very reasonable. But, think
on this, suppose you were to write a awesome headline?
I am not suggesting your content isn't good., however suppose you added a title to maybe
get people's attention? I mean Orchard Security Update is kinda boring.
You could glance at Yahoo's front page and see how they create news titles to grab people interested.
You might add a related video or a related picture or two to grab readers interested about everything've got to
say. Just my opinion, it might make your website a little livelier.
I visited multiple websites however the audio quality for audio songs
current at this web site is really superb. pof natalielise
There's definately a great deal to find out about this issue.
I really like all of the points you made.
It's going to be end of mine day, however before ending I am reading this
fantastic article to improve my knowledge.
What i don't understood is actually how you are no longer actually much more smartly-liked than you may be right now.
You're very intelligent. You understand thus considerably
with regards to this topic, produced me personally consider it from a lot of
various angles. Its like men and women are not involved
except it's one thing to accomplish with Girl gaga! Your personal stuffs outstanding.
All the time deal with it up!
I am really delighted to read this blog posts which includes plenty
of helpful facts, thanks for providing these statistics.
Very nice post. I just stumbled upon your weblog and wished to say that I've truly enjoyed surfing around your blog posts.
After all I will be subscribing to your rss feed and I hope you write again very soon!
I was recommended this blog by way of my cousin. I
am now not sure whether this submit is written via him as
nobody else realize such exact about my trouble. You're wonderful!
Thanks! natalielise plenty of fish
When someone writes an post he/she keeps the thought of a
user in his/her brain that how a user can understand it.
Therefore that's why this piece of writing is perfect.
Thanks!
That is very attention-grabbing, You are an excessively professional blogger.
I've joined your feed and sit up for searching for more of your great post.
Additionally, I have shared your website in my social networks
It's really a cool and useful piece of information. I am satisfied that you simply
shared this helpful info with us. Please keep us up to date like
this. Thanks for sharing.
Simply desire to say your article is as astounding. The clarity in your
post is simply cool and i could assume you're an expert on this subject.
Well with your permission let me to grab your RSS feed to
keep up to date with forthcoming post. Thanks a million and please continue the rewarding work.
It's wonderful that you are getting ideas from this paragraph as well as from our argument
made here.
I am sure this piece of writing has touched all the internet people,
its really really pleasant post on building up new
webpage.
I've read several excellent stuff here. Certainly price bookmarking
for revisiting. I wonder how a lot effort you set to create the sort of magnificent informative site.
When someone writes an piece of writing he/she maintains the image of a user in his/her
mind that how a user can understand it. So that's why this
paragraph is great. Thanks! natalielise pof
Woah! I'm really loving the template/theme of this website.
It's simple, yet effective. A lot of times it's very hard to get that "perfect balance"
between user friendliness and visual appeal. I must say you have done
a amazing job with this. In addition, the blog loads super fast for me on Safari.
Superb Blog! natalielise pof
I like the helpful information you provide in your
articles. I will bookmark your weblog and check again here frequently.
I am quite sure I'll learn lots of new stuff right here!
Good luck for the next!
Howdy would you mind letting me know which webhost you're working with?
I've loaded your blog in 3 different browsers and I must
say this blog loads a lot faster then most. Can you recommend a good internet hosting provider at a honest price?
Thanks a lot, I appreciate it!
Hey There. I found your weblog the usage of msn. This is an extremely neatly written article.
I'll be sure to bookmark it and return to read more
of your useful info. Thank you for the post. I will certainly return. pof natalielise
Great beat ! I wish to apprentice even as you amend your web site,
how can i subscribe for a weblog website? The account helped me a
applicable deal. I were a little bit familiar of this your broadcast provided
vibrant clear idea
At this time it sounds like Movable Type is the best blogging platform available right
now. (from what I've read) Is that what you are using on your blog?
I'm really enjoying the design and layout of your website.
It's a very easy on the eyes which makes it much more pleasant for me to come here and visit more often. Did you hire out
a developer to create your theme? Exceptional work!
Wonderful goods from you, man. I've understand your stuff previous to and you are just
extremely great. I really like what you have acquired
here, certainly like what you are saying and the way in which you say it.
You make it enjoyable and you still care for to keep it wise.
I can not wait to read far more from you. This is really a wonderful website.
Hi are using Wordpress for your site platform? I'm new to the blog
world but I'm trying to get started and set up my own. Do you need any coding knowledge
to make your own blog? Any help would be greatly
appreciated!
I always spent my half an hour to read this blog's articles every day along
with a mug of coffee.
Hmm is anyone else experiencing problems with the images on this blog loading?
I'm trying to find out if its a problem on my end or if it's the blog.
Any feed-back would be greatly appreciated.
you are in point of fact a good webmaster. The site loading speed is amazing.
It sort of feels that you are doing any distinctive trick.
In addition, The contents are masterpiece. you've performed a wonderful process on this topic!
Asking questions are really pleasant thing if you are not
understanding anything totally, except this post gives pleasant understanding even.
Hello! I've been following your blog for a long
time now and finally got the courage to go ahead and give you a
shout out from Huffman Tx! Just wanted to say keep up the good job!
Hello my family member! I want to say that this article is awesome, great written and come with approximately all important infos.
I would like to look extra posts like this .
Hey there! I know this is kind of off topic but I was wondering if you
knew where I could find a captcha plugin for my comment form?
I'm using the same blog platform as yours and I'm
having trouble finding one? Thanks a lot!
It is appropriate time to make some plans for the future and it is time
to be happy. I've read this post and if I could I desire to suggest
you some interesting things or advice. Perhaps you can write next articles referring to this article.
I want to read more things about it!
Fantastic blog! Do you have any hints for aspiring writers?
I'm hoping to start my own blog soon but I'm a little lost on everything.
Would you advise starting with a free platform like Wordpress or go
for a paid option? There are so many choices out there that I'm totally confused ..
Any suggestions? Thanks!
It's impressive that you are getting thoughts from this post as well as from our argument made at
this time.
Hello there! This is my 1st comment here
so I just wanted to give a quick shout out and say I truly enjoy reading through your posts.
Can you recommend any other blogs/websites/forums
that deal with the same subjects? Thanks a lot!
I am regular reader, how are you everybody? This piece of writing posted at this website is in fact
fastidious.
I absolutely love your blog.. Great colors & theme.
Did you build this amazing site yourself? Please reply back as I'm
planning to create my very own blog and would love to
learn where you got this from or just what the
theme is called. Thanks!
Thank you for the auspicious writeup. It in truth was a entertainment account it.
Glance advanced to far introduced agreeable from you! By the way, how could we keep in touch?
great points altogether, you simply received a new reader. What might you
suggest about your post that you simply made some days in the past?
Any positive?
This post will help the internet people for creating new webpage
or even a weblog from start to end.
fantastic points altogether, you simply gained a
brand new reader. What might you suggest in regards to your submit that
you made a few days in the past? Any certain?
I’m not that much of a online reader to be honest but your
sites really nice, keep it up! I'll go ahead and bookmark your site to come back
later. Cheers