Browse all 12 CVE security advisories affecting oroinc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OroInc develops enterprise resource planning (ERP) and customer relationship management (CRM) solutions for mid-market businesses. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. The company has addressed multiple critical security flaws in its platform, with 12 CVEs documented to date. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in their web applications and APIs suggests ongoing challenges in secure coding practices, requiring customers to maintain rigorous patch management and hardening procedures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-45824 | OroPlatform's pinned entity creation form shows pages of other users — platform, CWE-200 | 4.3 | Medium | 2024-03-25 |
| CVE-2022-41951 | OroPlatform vulnerable to path traversal during temporary file manipulations — platform, CWE-22 | 8.6 | High | 2023-11-27 |
| CVE-2021-43852 | JavaScript Prototype Pollution in oro/platform — platform, CWE-74 | 8.8 | High | 2022-01-04 |
| CVE-2021-41236 | XSS vulnerability in oro/platform — platform, CWE-79 | 6.9 | Medium | 2022-01-04 |
This page lists every published CVE security advisory associated with oroinc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.