oroinc/crm

oroinc/crm

Releases291

Frequency2 weeks 2 days

Last Release 24 days ago

Stars680

Main OroCRM package with core functionality.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-32063 ↗	Nov 28, 2023Tuesday, 28 November 2023, 04:15	5 MEDIUM	—
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.
CVE-2023-32062 ↗	Nov 27, 2023Monday, 27 November 2023, 22:15	5 MEDIUM	—
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.
CVE-2021-39198 ↗	Nov 19, 2021Friday, 19 November 2021, 22:15	4.2 MEDIUM	5.8 MEDIUM
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.