EPSS: 0.001 (Low), Percentile: 21.7%
oro/crm is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists due to an insufficient permissions check in the ‘disqualifyAction’ function, which allows an attacker to execute the lead action without a CSRF token check.
github.com/oroinc/crm/commit/a03848b743349a11674dcf1ab590452760ab296c
github.com/oroinc/crm/security/advisories/GHSA-vf7h-6246-hm43