Orocommerce@5.1.0 Security Vulnerabilities and Issues — Orocommerce@5.1.0 CVE List

Lucene search

OroincOrocommerce5.1.0

2 matches found

CVE•added 2024/12/06 4:15 p.m.•54 views

CVE-2024-50677

A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.

6.1CVSS5.8AI score0.00814EPSS

CVE•added 2023/10/09 2:15 p.m.•53 views

CVE-2022-35950

OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line i...

6.9CVSS5.5AI score0.00072EPSS