CVE-2020-15263

Cross-site Scripting in packagist/orchid/platform

Identifiers

CVE-2020-15263, GHSA-589w-hccm-265x

Package Slug

packagist/orchid/platform

Vulnerability

Cross-site Scripting

Description

In Orchid Platform, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced and fixed

Affected Versions

All versions starting from 9.0.0 before 9.4.4

Solution

Upgrade to version 9.4.4 or above.

Last Modified

2020-10-23

source