oroinc — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting oroinc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OroInc develops enterprise resource planning (ERP) and customer relationship management (CRM) solutions for mid-market businesses. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The company has addressed multiple critical security flaws in its platform, with 12 CVEs documented to date. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their web applications and APIs suggests ongoing challenges in secure coding practices, requiring customers to maintain rigorous patch management and hardening procedures.

Top products by oroinc: orocommerce, platform, crm

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-48296 | OroPlatform's storefront user can access history and most viewed data from matching back-office user with the same ID | orocommerce | CWE-200 | 4.3 | Medium | 2024-03-25 |
| CVE-2023-45824 | OroPlatform's pinned entity creation form shows pages of other users | platform | CWE-200 | 4.3 | Medium | 2024-03-25 |
| CVE-2023-32065 | OroCommerce get-totals-for-checkout API endpoint returns unwanted data | orocommerce | CWE-284 | 5.8 | Medium | 2023-11-28 |
| CVE-2023-32064 | OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility | orocommerce | CWE-284 | 5.0 | Medium | 2023-11-28 |
| CVE-2023-32063 | OroCRMCallBundle has incorrect call view page visibility | crm | CWE-284 | 5.0 | Medium | 2023-11-28 |
| CVE-2023-32062 | OroCalendarBundle has incorrect system calendar events visibility | crm | CWE-284 | 5.0 | Medium | 2023-11-27 |
| CVE-2022-41951 | OroPlatform vulnerable to path traversal during temporary file manipulations | platform | CWE-22 | 8.6 | High | 2023-11-27 |
| CVE-2022-35950 | OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item | orocommerce | CWE-79 | 6.9 | Medium | 2023-10-09 |
| CVE-2022-31037 | OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page | orocommerce | CWE-79 | 6.9 | Medium | 2022-10-18 |
| CVE-2021-43852 | JavaScript Prototype Pollution in oro/platform | platform | CWE-74 | 8.8 | High | 2022-01-04 |
| CVE-2021-41236 | XSS vulnerability in oro/platform | platform | CWE-79 | 6.9 | Medium | 2022-01-04 |
| CVE-2021-39198 | The disqualify lead action may be executed without CSRF token check | crm | CWE-352 | 4.2 | Medium | 2021-11-19 |

This page lists every published CVE security advisory associated with oroinc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.