orocommerce — Vulnerabilities & Security Advisories 5

All 5 CVE vulnerabilities found in orocommerce, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-48296	OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID CWE-200	4.3	Medium	2024-03-25
CVE-2023-32065	OroCommerce get-totals-for-checkout API endpoint returns unwanted data CWE-284	5.8	Medium	2023-11-28
CVE-2023-32064	OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility CWE-284	5.0	Medium	2023-11-28
CVE-2022-35950	OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item CWE-79	6.9	Medium	2023-10-09
CVE-2022-31037	OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page CWE-79	6.9	Medium	2022-10-18

All 5 known CVE vulnerabilities affecting orocommerce with full Chinese analysis, references, and POCs where available.