61 matches found
CVE-2023-45824
OroPlatform is a PHP Business Application Platform (BAP). A logged-in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...
CVE-2021-41236
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to an XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview ...
EUVD-2022-0678
Malicious code in bioql PyPI...
EUVD-2023-3058
Malicious code in bioql PyPI...
EUVD-2023-2940
Malicious code in bioql PyPI...
EUVD-2024-1012
Malicious code in bioql PyPI...
EUVD-2024-1018
Malicious code in bioql PyPI...
CVE-2024-50677
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...
CVE-2023-32062
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...
CVE-2022-41951
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...
CVE-2024-50677
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...
CVE-2024-50677
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...
CVE-2024-50677
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...
PT-2024-34389 · Oro · Oroplatform Cms
Name of the Vulnerable Software and Affected Versions: OroPlatform CMS version 5.1. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. This enables attackers to potentially manipulate...
CVE-2024-50677
CVE-2024-50677 describes a cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 where an attacker can inject a crafted payload into the Search parameter to execute arbitrary web scripts or HTML. The root cause is improper handling/validation of user input in the search functionality, ...
CVE-2024-50677
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...
OroPlatform Security Vulnerability
OroPlatform is an Oro open source PHP Business Application Platform (BAP) designed to make custom business application development easier and faster. A security vulnerability exists in OroPlatform version v5.1, which stems from vulnerability to cross-site scripting attacks, where an attacker can...
Open Redirection
OroPlatform is vulnerable to Open Redirection. The vulnerability is due to improper validation of URLs, allowing attackers to redirect users to external websites...
GHSA-3VHM-Q4W3-RW8Q OroPlatform Forced Redirect to External Website
OroPlatform is prone to open redirection, which could allow attackers to redirect users to an external website...
OroPlatform Forced Redirect to External Website
OroPlatform is prone to open redirection, which could allow attackers to redirect users to an external website...