Product:

Client_relationship_management

(Oroinc)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 2
Date Id Summary Products Score Patch Annotated
2023-11-28 CVE-2023-32063 OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1. Client_relationship_management 5.0
2021-11-19 CVE-2021-39198 OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package. Client_relationship_management 5.4