oro/platform

Packagist4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting oro/platformpage 1 of 1

CVE-2021-41236MEDIUMCVSS 6.9EG 6.9✓ Fixed in 4.2.8
2022-01-04
vulnerable: 4.2.0 ... 4.2.7 (8 versions)
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For suc…
CVE-2021-43852HIGHCVSS 8.8EG 8.8✓ Fixed in 4.2.8
2022-01-04
vulnerable: 4.2.0 ... 4.2.7 (8 versions)
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this inject…
CVE-2022-41951HIGHCVSS 8.5EG 8.5✓ Fixed in 5.0.8
2023-11-27
vulnerable: 5.0.0 ... 5.0.7 (8 versions)
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With thi…
CVE-2023-45824MEDIUMCVSS 4.3EG 4.3
2024-03-25
vulnerable: 4.2.0 ... 4.2.9 (11 versions)
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.

Check whether oro/platform is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for oro/platform CVEs against the assets you own.

Start Free Scan →