2 matches found
CVE-2022-35950
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...
CVE-2022-35950
CVE-2022-35950 affects OroCommerce. In 4.1.0–4.1.13, 4.2.0–4.2.10, 5.0.0–5.0.10, and 5.1.0–5.1.0 (up to 5.1.1), a JavaScript payload added to the product name may execute at the storefront when a user adds a note to a shopping-list line item containing a vulnerable product. An attacker who can ed...