Vulnerabilities > CVE-2020-15263 - Unspecified vulnerability in Orchid Platform
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
References
- https://github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707f0e7d82169
- https://github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707f0e7d82169
- https://github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-265x
- https://github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-265x