9 matches found
Cross-Site Scripting (XSS)
oro/commerce is vulnerable to cross-site scripting. The vulnerability is due to lack of sanitization in the shipping rule edit page which allows an attacker to inject and execute arbitrary JavaScript...
GHSA-4VF4-955G-VXP2 OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
Impact: The Shipping rule edit page is vulnerable to a cross-site scripting (XSS) payload added to the UPS Surcharge field. The attacker should have permission to create or edit a shipping rule...
OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
Impact: The Shipping rule edit page is vulnerable to a cross-site scripting (XSS) payload added to the UPS Surcharge field. The attacker should have permission to create or edit a shipping rule...
CVE-2022-31037
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker...
Cross site scripting
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker...
CVE-2022-31037 OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker...
OroCommerce Cross-Site Scripting Vulnerability
OroCommerce is an open source business-to-business commerce application from Oro Open Source. A cross-site scripting (XSS) vulnerability exists in OroCommerce versions 4.1.0 through 4.1.17, 4.2.0 through 4.2.11, and 5.0.0 through 5.0.3, which stems from susceptibility to cross-site scripting attack...
CVE-2022-31037
CVE-2022-31037 affects OroCommerce versions 4.1.0–4.1.17, 4.2.0–4.2.11, and 5.0.0–5.0.3, with cross-site scripting in the UPS Surcharge field of the Shipping rule edit page. Exploitation requires permissions to create or edit a shipping rule. The issue has been mitigated by a patch in version 5.0...
CVE-2022-31037 OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker...