CVE-2020-15263, GHSA-589w-hccm-265x
packagist/orchid/platform
Cross-site Scripting
In Orchid Platform, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced and fixed
All versions starting from 9.0.0 before 9.4.4
Upgrade to version 9.4.4 or above.
2020-10-23
source |