CVE-2020-15263

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
19/10/2020
Last modified:
22/10/2020

Description

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:orchid:platform:*:*:*:*:*:*:*:* 9.0.0 (including) 9.4.4 (excluding)