Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

oroinc — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting oroinc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products oroinc:orocommerceplatformcrm
CVE IDTitleCVSSSeverityPaused
CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID — orocommerceCWE-200 4.3 Medium2024-03-25
CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users — platformCWE-200 4.3 Medium2024-03-25
CVE-2023-32065 OroCommerce get-totals-for-checkout API endpoint returns unwanted data — orocommerceCWE-284 5.8 Medium2023-11-28
CVE-2023-32064 OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility — orocommerceCWE-284 5.0 Medium2023-11-28
CVE-2023-32063 OroCRMCallBundle has incorrect call view page visibility — crmCWE-284 5.0 Medium2023-11-28
CVE-2023-32062 OroCalendarBundle has incorrect system calendar events visibility — crmCWE-284 5.0 Medium2023-11-27
CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations — platformCWE-22 8.6 High2023-11-27
CVE-2022-35950 OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item — orocommerceCWE-79 6.9 Medium2023-10-09
CVE-2022-31037 OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page — orocommerceCWE-79 6.9 Medium2022-10-18
CVE-2021-43852 JavaScript Prototype Pollution in oro/platform — platformCWE-74 8.8 High2022-01-04
CVE-2021-41236 XSS vulnerability in oro/platform — platformCWE-79 6.9 Medium2022-01-04
CVE-2021-39198 The disqualify lead action may be executed without CSRF token check — crmCWE-352 4.2 Medium2021-11-19

This page lists every published CVE security advisory associated with oroinc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.