Security Advisories - oro/commerce - Packagist

oro/commerce Security Advisories for 5.0.0-alpha.1 (2)

OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration

CVE-2022-31037

Affected version: >=4.1.0,<5.0.6

Reported by:
GitHub
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor

Affected version: >=5.0,<5.0.4

Reported by:
GitHub