OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-09T13:06:50.254Z
Updated: 2024-09-19T13:58:00.467Z
Reserved: 2022-07-15T23:52:24.267Z
Link: CVE-2022-35950
Vulnrichment
Updated: 2024-08-03T09:51:59.707Z
NVD
Status : Analyzed
Published: 2023-10-09T14:15:10.437
Modified: 2023-10-12T18:35:08.547
Link: CVE-2022-35950
Redhat
No data.