Malicious code in @zalastax/nolb-_oro (npm)

The package @zalastax/nolb-oro was found to contain malicious code...

MAL-2025-10296 Malicious code in @zalastax/nolb-_oro (npm)

The package @zalastax/nolb-oro was found to contain malicious code...

PT-2024-40056 · Unknown · Oroplatform

Name of the Vulnerable Software and Affected Versions: OroPlatform affected versions not specified Description: The issue allows attackers to redirect users to an external website due to open redirection. Recommendations: At the moment, there is no information about a newer version that contains ...

OroPlatform 安全漏洞

OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. A security vulnerability exists in OroPlatform that stems from the fact that the navigation history, most viewed and favorite navigation items are returned to...

Fedora: Security Advisory for jakarta-oro (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jakarta-oro-2.0.8-44.fc40

The Jakarta-ORO Java classes are a set of text-processing Java classes that provide Perl5 compatible regular expressions, AWK-like regular expressions, glob expressions, and utility classes for performing substitutions, splits, filtering filenames, etc. This library is the successor to the...

Information Disclosure

oro/commerce is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control ACL restrictions and access detailed order totals information by simply knowing the order ID...

oro-schwabach.de Cross Site Scripting vulnerability OBB-3265663

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

oro-line.com Cross Site Scripting vulnerability OBB-3219340

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cross-Site Scripting (XSS)

oro/commerce is vulnerable to cross-site scripting. The vulnerability is due to lack of sanitization in the shipping rule edit page which allows an attacker to inject and execute arbitrary JavaScript...

OroCommerce 跨站脚本漏洞

OroCommerce is an open source business-to-business commerce application from Oro Open Source. A cross-site scripting XSS vulnerability exists in OroCommerce versions 4.1.0 through 4.1.17, 4.2.0 through 4.2.11, and 5.0.0 through 5.0.3, which stems from susceptibility to cross-site scripting attack...

PT-2022-20477 · Unknown · Orocommerce

Name of the Vulnerable Software and Affected Versions: OroCommerce versions 4.1.0 through 4.1.17 OroCommerce versions 4.2.0 through 4.2.11 OroCommerce versions 5.0.0 through 5.0.3 Description: The issue concerns Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. An...

Cross-site Scripting (XSS)

oro/commerce is vulnerable to cross-site scripting. The vulnerability exists through the grapesjs dependency used in the library as it does not properly validate the class name in ClassTagView.ts when it adds to the selector manager, allowing an attacker to inject and execute malicious javascript...

Malicious code in oro-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 434e907d46d7f142669cb87e668aa0f712aefab3a149d5c724727c7872fdb52e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5125 Malicious code in oro-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 434e907d46d7f142669cb87e668aa0f712aefab3a149d5c724727c7872fdb52e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

new packages: jakarta-oro

An update is available for jakarta-oro. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

GHSA-JX5Q-G37M-H5HJ Client-Side JavaScript Prototype Pollution in oro/platform

Summary By sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. Workarounds Configure WAF to dro...

Client-Side JavaScript Prototype Pollution in oro/platform

Summary By sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. Workarounds Configure WAF to dro...

Cross-site Scripting (XSS)

oro/platform is vulnerable to cross-site scripting. The library does not properly validate the email template preview content, allowing an authorized attacker to add malicious XSS payload to the email template content and execute when the attacked user preview the template...

CVE-2021-43852 JavaScript Prototype Pollution in oro/platform

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are...