14 matches found
CVE-2023-45824
OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...
CVE-2023-48296
OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...
CVE-2023-48296
Summary: OroPlatform (PHP BAP) contains an information disclosure vulnerability in the JSON navigation response. If a storefront user’s ID matches a back-office user’s ID, the response leaks navigation history, as well as most viewed and favorite navigation items. Root cause: Insufficient access ...
CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID
OroPlatform is a PHP Business Application Platform BAP. Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4...
CVE-2023-45824
The CVE-2023-45824 issue affects OroPlatform (PHP BAP). A logged-in user can access page state data of pinned pages belonging to other users by using a pageId hash. Publicly documented details indicate this affects OroPlatform versions across multiple lines: 4.2.0–4.2.10, 5.0.0–5.0.12, and 5.1.0–...
CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users
OroPlatform is a PHP Business Application Platform BAP. A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...
CVE-2022-41951
OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...
CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations
OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...
CVE-2022-41951
CVE-2022-41951 – Path traversal in OroPlatform is caused by a vulnerability in the file manager routine getTemporaryFileName in Oro\Bundle\GaufretteBundle\FileManager, which could allow an attacker to write to a new file by supplying a path to a non-existent file. The root cause involves unsafe h...
SAP NetWeaver Application Server 授权问题漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. An authorization issue vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, which arises from performing incorrect authentication checks for functions that require a user's identity under...
CVE-2021-43852
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
CVE-2021-43852 JavaScript Prototype Pollution in oro/platform
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...
Cross site scripting
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...
CVE-2021-41236 XSS vulnerability in oro/platform
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview ...