Security Advisories - oro/commerce - Packagist

oro/commerce Security Advisories for 5.0.0-alpha.1 (4)

[MEDIUM] OroCommerce get-totals-for-checkout API endpoint returns unwanted data

PKSA-8pmc-yd6d-ggv8 CVE-2023-32065 GHSA-88g2-xgh9-4ph2

Affected version: >=5.1.0,<5.1.1|>=5.0.0,<5.0.11|>=4.2.0,<=4.2.10

Reported by:
GitHub
[MEDIUM] OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item

PKSA-6m1x-w3qg-gqvr CVE-2022-35950 GHSA-2jc6-3fhj-8q84

Affected version: >=5.1.0,<5.1.1|>=5.0.0,<5.0.11|>=4.2.0,<=4.2.10|>=4.1.0,<=4.1.13

Reported by:
GitHub
[MEDIUM] OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration

PKSA-rtnt-5225-nzch CVE-2022-31037 GHSA-4vf4-955g-vxp2

Affected version: >=4.1.0,<5.0.6

Reported by:
GitHub
[MEDIUM] OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor

PKSA-hqcx-w8t7-5h7y GHSA-6f85-3f8q-qc94

Affected version: >=5.0,<5.0.4

Reported by:
GitHub