2 matches found
CVE-2020-15263
The CVE-2020-15263 entry describes an XSS vulnerability in the orchid/platform (and related variants) prior to version 9.4.4. The issue arises when inline attributes are not properly escaped, allowing cross-site scripting if user-provided data is not escaped. Affected versions range from 9.0.0 up...
CVE-2023-36825
Summary: CVE-2023-36825 affects the Orchid Laravel package prior to version 14.5.0. Root cause: deserialization of untrusted data from the _state query parameter. Impact: potential remote code execution. Status and remediation: patched in version 14.5.0; users should upgrade to 14.5.0 or any late...