61 matches found
CVE-2022-41951
OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...
Path traversal
OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...
CVE-2023-32062
CVE-2023-32062 affects OroPlatform/OroCalendarBundle where back-office users can access information from any system calendar event due to insufficient ACL checks. The issue is described across multiple sources (including Veracode and RH Red Hat) as an improper access control vulnerability in the ...
CVE-2023-32062 OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...
CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations
OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...
CVE-2022-41951
CVE-2022-41951 – Path traversal in OroPlatform is caused by a vulnerability in the file manager routine getTemporaryFileName in Oro\Bundle\GaufretteBundle\FileManager, which could allow an attacker to write to a new file by supplying a path to a non-existent file. The root cause involves unsafe h...
CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations
OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...
OroPlatform Path Traversal Vulnerability
OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. A path traversal vulnerability exists in OroPlatform versions prior to 5.0.9, which stems from the presence of a path traversal vulnerability that allows an...
PT-2023-14046 · Oro · Oroplatform
Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.0.9 Description: Path Traversal is possible in OroBundleGaufretteBundleFileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the...
PT-2023-23576 · Unknown · Oroplatform
Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.1.1 Description: The issue affects the OroPlatform package, which is used for system and user calendar management. It allows back-office users to access information from any system calendar event, bypassing ACL...
CVE-2021-43852
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
CVE-2021-43852
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
Code injection
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
CVE-2021-43852
CVE-2021-43852 (OroPlatform) : A prototype pollution flaw allows an attacker to inject properties into JavaScript prototypes (e.g., Object prototypes) via specially crafted requests, potentially enabling JS code execution by vulnerable libraries. The issue is mitigated by patching to version 4.2....
CVE-2021-43852 JavaScript Prototype Pollution in oro/platform
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
CVE-2021-41236
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...
CVE-2021-41236
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...
CVE-2021-41236 XSS vulnerability in oro/platform
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...
CVE-2021-41236
CVE-2021-41236 affects the OroPlatform PHP Business Application Platform. The vulnerability lies in the email template preview function, where an XSS payload placed in email template content can execute when a user previews the template. An attacker must have permission to create or edit an email...
OroPlatform 注入漏洞
OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. OroPlatform suffers from a security vulnerability that stems from the software's lack of effective filtering and escaping of JavaScript attributes. By sending...