Описание
Inline attribute values were not processed.
Impact
Inline attributes have not been processed escape. If the data that came from users was not processed, then an XSS vulnerability is possible
Patches
Fixed in 9.4.4
Пакеты
Наименование
orchid/platform
composer
Затронутые версииВерсия исправления
>= 9.0.0, < 9.4.4
9.4.4
Связанные уязвимости
CVSS3: 8
nvd
больше 5 лет назад
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.