High severityNVD Advisory· Published Oct 19, 2020· Updated Aug 4, 2024

XSS in platform

CVE-2020-15263

Description

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
orchid/platformPackagist	>= 9.0.0, < 9.4.4	9.4.4

Affected products

ghsa-coords
pkg:composer/orchid/platform
Range: >= 9.0.0, < 9.4.4
Orchidsoftware/Platformcpe-rescue
Range: >= 9.0.0, < 9.4.4

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-589w-hccm-265xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-15263ghsaADVISORY
github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707f0e7d82169ghsax_refsource_MISCWEB
github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-265xghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000