Browse all 12 CVE security advisories affecting oroinc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OroInc develops enterprise resource planning (ERP) and customer relationship management (CRM) solutions for mid-market businesses. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The company has addressed multiple critical security flaws in its platform, with 12 CVEs documented to date. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their web applications and APIs suggests ongoing challenges in secure coding practices, requiring customers to maintain rigorous patch management and hardening procedures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-32063 | OroCRMCallBundle has incorrect call view page visibility — crm, CWE-284 | 5.0 | Medium | 2023-11-28 |
| CVE-2023-32062 | OroCalendarBundle has incorrect system calendar events visibility — crm, CWE-284 | 5.0 | Medium | 2023-11-27 |
| CVE-2021-39198 | The disqualify lead action may be executed without CSRF token check — crm, CWE-352 | 4.2 | Medium | 2021-11-19 |
This page lists every published CVE security advisory associated with oroinc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.