Packagist (Composer) package

oro/commerce

pkg:composer/oro/commerce

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-32065	—	>= 4.2.0, <= 4.2.10	—	Nov 28, 2023	OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.
CVE-2022-35950	—	>= 4.1.0, <= 4.1.13	—	Oct 9, 2023	OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the s
CVE-2022-31037	—	>= 4.1.0, < 5.0.6	5.0.6	Oct 18, 2022	OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit pag

CVE-2023-32065Nov 28, 2023
affected >= 4.2.0, <= 4.2.10
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.
CVE-2022-35950Oct 9, 2023
affected >= 4.1.0, <= 4.1.13
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the s
CVE-2022-31037Oct 18, 2022
affected >= 4.1.0, < 5.0.6fixed 5.0.6
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit pag