Packagist (Composer) package
orchid/platform
pkg:composer/orchid/platform
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-51992 | Med | 4.1 | >= 8.0, < 14.43.0 | 14.43.0 | Nov 11, 2024 | Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal fun | |
| CVE-2023-36825 | — | >= 14.0.0-alpha4, < 14.5.0 | 14.5.0 | Jul 11, 2023 | Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the `_sta | ||
| CVE-2020-15263 | — | >= 9.0.0, < 9.4.4 | 9.4.4 | Oct 19, 2020 | In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4. |
- affected >= 8.0, < 14.43.0fixed 14.43.0
Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal fun
- CVE-2023-36825Jul 11, 2023affected >= 14.0.0-alpha4, < 14.5.0fixed 14.5.0
Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the `_sta
- CVE-2020-15263Oct 19, 2020affected >= 9.0.0, < 9.4.4fixed 9.4.4
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.