oro/commerce

Packagist3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting oro/commercepage 1 of 1

CVE-2022-31037MEDIUMCVSS 6.9EG 6.9✓ Fixed in 5.0.6
2022-10-18
vulnerable: 4.1.0 ... 5.0.5 (44 versions)
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surc…
CVE-2022-35950MEDIUMCVSS 6.9EG 6.9✓ Fixed in 5.1.1
2023-10-09
vulnerable: 5.1.0
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at t…
CVE-2023-32065MEDIUMCVSS 5.8EG 5.8✓ Fixed in 5.1.1
2023-11-28
vulnerable: 5.1.0
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.

Check whether oro/commerce is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for oro/commerce CVEs against the assets you own.

Start Free Scan →