
14 matches found

NVD
added 2024/03/25 7:15 p.m. | 24 views

CVE-2023-45824

OroPlatform is a PHP Business Application Platform (BAP). A logged-in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

CVSS 4.3 | AI score 4.5 | EPSS 0.0044
Exploits 0 | References 2

NVD
added 2024/03/25 7:15 p.m. | 27 views

CVE-2023-48296

OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to a storefront user in the JSON navigation response if the ID of the storefront user matches the ID of a back-office user. This vulnerability is fixed in 5.1.4...

CVSS 4.3 | AI score 4.5 | EPSS 0.0044
Exploits 0 | References 2

CVE
added 2024/03/25 6:19 p.m. | 62 views

CVE-2023-48296

Summary: OroPlatform (PHP BAP) contains an information disclosure vulnerability in the JSON navigation response. If a storefront user’s ID matches a back-office user’s ID, the response leaks navigation history, as well as most viewed and favorite navigation items. Root cause: Insufficient access ...

CVSS 4.3 | AI score 4.4 | EPSS 0.0044
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/03/25 6:19 p.m. | 30 views

CVE-2023-48296 OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID

OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to a storefront user in the JSON navigation response if the ID of the storefront user matches the ID of a back-office user. This vulnerability is fixed in 5.1.4...

CVSS 4.3 | AI score 5 | EPSS 0.0044
Exploits 0 | References 4

CVE
added 2024/03/25 6:15 p.m. | 69 views

CVE-2023-45824

The CVE-2023-45824 issue affects OroPlatform (PHP BAP). A logged-in user can access page state data of pinned pages belonging to other users by using a pageId hash. Publicly documented details indicate this affects OroPlatform versions across multiple lines: 4.2.0–4.2.10, 5.0.0–5.0.12, and 5.1.0–...

CVSS 4.3 | AI score 4.4 | EPSS 0.0044
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/03/25 6:15 p.m. | 12 views

CVE-2023-45824 OroPlatform's pinned entity creation form shows pages of other users

OroPlatform is a PHP Business Application Platform (BAP). A logged-in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4...

CVSS 4.3 | AI score 7 | EPSS 0.0044
Exploits 0 | References 2

NVD
added 2023/11/27 9:15 p.m. | 11 views

CVE-2022-41951

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

CVSS 9.8 | EPSS 0.00946
Exploits 0 | References 1

Cvelist
added 2023/11/27 8:27 p.m. | 22 views

CVE-2022-41951 OroPlatform vulnerable to path traversal during temporary file manipulations

OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

CVSS 8.5 | AI score 9.8 | EPSS 0.00946
Exploits 0 | References 1

CVE
added 2023/11/27 8:27 p.m. | 49 views

CVE-2022-41951

CVE-2022-41951 – Path traversal in OroPlatform is caused by a vulnerability in the file manager routine getTemporaryFileName in Oro\Bundle\GaufretteBundle\FileManager, which could allow an attacker to write to a new file by supplying a path to a non-existent file. The root cause involves unsafe h...

CVSS 9.8 | AI score 9.2 | EPSS 0.00946
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2023/07/11 12:0 a.m. | 9 views

SAP NetWeaver Application Server authorization issue vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. An authorization issue vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, which arises from performing incorrect authentication checks for functions that require a user's identity under...

CVSS 7.4 | AI score 7.3 | EPSS 0.0033
Exploits 0 | References 3

NVD
added 2022/01/04 8:15 p.m. | 13 views

CVE-2021-43852

OroPlatform is a PHP Business Application Platform. In affected versions, by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...

CVSS 8.8 | EPSS 0.01094
Exploits 0 | References 2

Cvelist
added 2022/01/04 7:40 p.m. | 37 views

CVE-2021-43852 JavaScript Prototype Pollution in oro/platform

OroPlatform is a PHP Business Application Platform. In affected versions, by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...

CVSS 8.8 | AI score 9.2 | EPSS 0.01094
Exploits 0 | References 2

Prion
added 2022/01/04 7:15 p.m. | 22 views

Cross site scripting

OroPlatform is a PHP Business Application Platform. In affected versions, the email template preview is vulnerable to an XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview ...

CVSS 3.5 | AI score 4.8 | EPSS 0.00672
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/01/04 7:0 p.m. | 31 views

CVE-2021-41236 XSS vulnerability in oro/platform

OroPlatform is a PHP Business Application Platform. In affected versions, the email template preview is vulnerable to an XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview ...

CVSS 6.9 | AI score 6.6 | EPSS 0.00672
Exploits 0 | References 2