CVE-2020-15263 — HIGH (8.0)

Q: How severe is CVE-2020-15263?

CVE-2020-15263 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-15263?

Check the references section above for vendor advisories and patch information. Affected products include: Orchid Platform.

Vulnerability Description

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Orchid	Platform	>= 9.0.0, < 9.4.4

Related Weaknesses (CWE)

CWE-79

References

https://github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707PatchThird Party Advisory
https://github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-26Third Party Advisory
https://github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707PatchThird Party Advisory
https://github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-26Third Party Advisory

FAQ

What is CVE-2020-15263?

CVE-2020-15263 is a vulnerability with a CVSS score of 8.0 (HIGH). In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0...

How severe is CVE-2020-15263?

CVE-2020-15263 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15263?

Check the references section above for vendor advisories and patch information. Affected products include: Orchid Platform.