Lucene search
K

61 matches found

NVD
NVD
added 2023/11/27 9:15 p.m.26 views

CVE-2022-41951

OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

9.8CVSS0.00946EPSS
Exploits0References1
Prion
Prion
added 2023/11/27 9:15 p.m.23 views

Path traversal

OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

7.5CVSS7.2AI score0.00946EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/27 8:58 p.m.57 views

CVE-2023-32062

CVE-2023-32062 affects OroPlatform/OroCalendarBundle where back-office users can access information from any system calendar event due to insufficient ACL checks. The issue is described across multiple sources (including Veracode and RH Red Hat) as an improper access control vulnerability in the ...

5CVSS4.6AI score0.00538EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/27 8:58 p.m.23 views

CVE-2023-32062 OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...

5CVSS4.5AI score0.00538EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/11/27 8:27 p.m.32 views

CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations

OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

8.5CVSS9.8AI score0.00946EPSS
Exploits0References1
CVE
CVE
added 2023/11/27 8:27 p.m.50 views

CVE-2022-41951

CVE-2022-41951 – Path traversal in OroPlatform is caused by a vulnerability in the file manager routine getTemporaryFileName in Oro\Bundle\GaufretteBundle\FileManager, which could allow an attacker to write to a new file by supplying a path to a non-existent file. The root cause involves unsafe h...

9.8CVSS9.2AI score0.00946EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/27 8:27 p.m.25 views

CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations

OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

8.5CVSS9.2AI score0.00946EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.5 views

OroPlatform Path Traversal Vulnerability

OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. A path traversal vulnerability exists in OroPlatform versions prior to 5.0.9, which stems from the presence of a path traversal vulnerability that allows an...

9.8CVSS6.8AI score0.00946EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.8 views

PT-2023-14046 · Oro · Oroplatform

Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.0.9 Description: Path Traversal is possible in OroBundleGaufretteBundleFileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file, which will allow writing the...

9.8CVSS9.4AI score0.00946EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/11/27 12:0 a.m.8 views

PT-2023-23576 · Unknown · Oroplatform

Name of the Vulnerable Software and Affected Versions: OroPlatform versions prior to 5.1.1 Description: The issue affects the OroPlatform package, which is used for system and user calendar management. It allows back-office users to access information from any system calendar event, bypassing ACL...

5CVSS4.5AI score0.00538EPSS
Exploits0References7
NVD
NVD
added 2022/01/04 8:15 p.m.14 views

CVE-2021-43852

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...

8.8CVSS0.01094EPSS
Exploits0References2
OSV
OSV
added 2022/01/04 8:15 p.m.13 views

CVE-2021-43852

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...

8.8CVSS7.4AI score
Exploits0References2
Prion
Prion
added 2022/01/04 8:15 p.m.13 views

Code injection

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...

6.8CVSS8.9AI score0.01094EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/01/04 7:40 p.m.59 views

CVE-2021-43852

CVE-2021-43852 (OroPlatform) : A prototype pollution flaw allows an attacker to inject properties into JavaScript prototypes (e.g., Object prototypes) via specially crafted requests, potentially enabling JS code execution by vulnerable libraries. The issue is mitigated by patching to version 4.2....

8.8CVSS8.9AI score0.01094EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/04 7:40 p.m.7 views

CVE-2021-43852 JavaScript Prototype Pollution in oro/platform

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...

8.8CVSS7.8AI score0.01094EPSS
Exploits0References2
NVD
NVD
added 2022/01/04 7:15 p.m.28 views

CVE-2021-41236

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...

6.9CVSS0.00672EPSS
Exploits0References2
OSV
OSV
added 2022/01/04 7:15 p.m.11 views

CVE-2021-41236

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...

4.8CVSS6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/01/04 7:0 p.m.6 views

CVE-2021-41236 XSS vulnerability in oro/platform

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...

6.9CVSS6.3AI score0.00672EPSS
Exploits0References2
CVE
CVE
added 2022/01/04 7:0 p.m.66 views

CVE-2021-41236

CVE-2021-41236 affects the OroPlatform PHP Business Application Platform. The vulnerability lies in the email template preview function, where an XSS payload placed in email template content can execute when a user previews the template. An attacker must have permission to create or edit an email...

6.9CVSS5.1AI score0.00672EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/01/04 12:0 a.m.7 views

OroPlatform 注入漏洞

OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. OroPlatform suffers from a security vulnerability that stems from the software's lack of effective filtering and escaping of JavaScript attributes. By sending...

8.8CVSS8.4AI score0.01094EPSS
Exploits0References3
Rows per page
Query Builder