Vulnerabilities (CVE)

Filtered by vendor Oroinc Subscribe

Filtered by product Orocommerce

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-32064	1 Oroinc	1 Orocommerce	2023-12-01	N/A	4.3 MEDIUM
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and 5.1.1.
CVE-2023-32065	1 Oroinc	1 Orocommerce	2023-12-01	N/A	5.8 MEDIUM
OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.