Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32063 | 1 Oroinc | 1 Client Relationship Management | 2024-11-21 | N/A | 5.0 MEDIUM |
| OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1. | |||||
| CVE-2021-39198 | 1 Oroinc | 1 Client Relationship Management | 2024-11-21 | 5.8 MEDIUM | 4.2 MEDIUM |
| OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package. | |||||