CVE-2022-35950
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...
EUVD-2022-7019
Malicious code in bioql PyPI...
PT-2023-23578 · Unknown · Orocommerce
Name of the Vulnerable Software and Affected Versions:
OroCommerce versions prior to 5.0.11
OroCommerce versions prior to 5.1.1
Description: The issue allows back-office users to access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient...
PT-2023-13453 · Unknown · Orocommerce
Name of the Vulnerable Software and Affected Versions:
OroCommerce versions 4.1.0 through 4.1.13
OroCommerce versions 4.2.0 through 4.2.10
OroCommerce versions 5.0.0 through 5.0.10
OroCommerce versions 5.1.0
Description: The issue allows a JS payload added to the product name to be executed at th...
CVE-2022-31037 OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker...