Every CVE whose affected-product data names Oroinc Oroplatform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-43852 — CVSS 8.8 (high): OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject…
CVE-2022-41951 — CVSS 8.5 (high): OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster…
CVE-2021-41236 — CVSS 6.9 (medium): OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to…
CVE-2024-50677 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2023-32062 — CVSS 5.0 (medium): OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system…
CVE-2023-48296 — CVSS 4.3 (medium): OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to…
CVE-2023-45824 — CVSS 4.3 (medium): OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by…