cvebase

Orchid Platform vulnerabilities

3 known vulnerabilities affecting orchid/platform.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2

Vulnerabilities

CVE-2023-36825 | P2 | CRITICAL | CVSS 9.8 | ≥ 14.0.1, < 14.5.0 | v14.0.0 | 2023-07-11
CVE-2023-36825 [CRITICAL] CWE-502: Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. The i
Sources: GHSA, NVD, OSV
CVE-2020-15263 | P4 | MEDIUM | CVSS 6.1 | ≥ 9.0.0, < 9.4.4 | 2020-10-19
CVE-2020-15263 [MEDIUM] CWE-79: In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.
Sources: GHSA, NVD, OSV
CVE-2024-51992 | P4 | MEDIUM | ≥ 8.0, < 14.43.0 | 2024-11-12
CVE-2024-51992 [MEDIUM] CWE-749: Orchid Platform has Method Exposure Vulnerability in Modals. Impact: This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the `Screen` class, leading to potential brut
Sources: GHSA, OSV