Browse all 3 CVE security advisories affecting orchidsoftware. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OrchidSoftware develops enterprise workflow automation tools with a core use case of streamlining business processes. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely reported, the three documented CVEs highlight persistent weaknesses in their security posture, particularly in web application components and API endpoints. These vulnerabilities could allow attackers to execute arbitrary code, manipulate user sessions, or gain elevated system access, emphasizing the need for robust security hardening practices in their software development lifecycle.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-51992 | Method Exposure Vulnerability in Modals in orchid/platform — platform, CWE-749 | 4.1 | Medium | 2024-11-11 |
| CVE-2023-36825 | Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution — platform, CWE-502 | 9.7 | Critical | 2023-07-11 |
| CVE-2020-15263 | XSS in platform — platform, CWE-79 | 8.0 | High | 2020-10-19 |
This page lists every published CVE security advisory associated with orchidsoftware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.