Vulnerability Details CVE-2022-31037
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker needs permission to create or edit a shipping rule. This issue has been patched in version 5.0.6. There are no known workarounds.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.3%
CVSS Severity
CVSS v3 Score 6.9
References
Products affected by CVE-2022-31037
-
cpe:2.3:a:oroinc:orocommerce:4.1.0
-
cpe:2.3:a:oroinc:orocommerce:4.1.1
-
cpe:2.3:a:oroinc:orocommerce:4.1.10
-
cpe:2.3:a:oroinc:orocommerce:4.1.11
-
cpe:2.3:a:oroinc:orocommerce:4.1.12
-
cpe:2.3:a:oroinc:orocommerce:4.1.13
-
cpe:2.3:a:oroinc:orocommerce:4.1.2
-
cpe:2.3:a:oroinc:orocommerce:4.1.3
-
cpe:2.3:a:oroinc:orocommerce:4.1.4
-
cpe:2.3:a:oroinc:orocommerce:4.1.5
-
cpe:2.3:a:oroinc:orocommerce:4.1.6
-
cpe:2.3:a:oroinc:orocommerce:4.1.7
-
cpe:2.3:a:oroinc:orocommerce:4.1.8
-
cpe:2.3:a:oroinc:orocommerce:4.1.9
-
cpe:2.3:a:oroinc:orocommerce:4.2.0
-
cpe:2.3:a:oroinc:orocommerce:4.2.1
-
cpe:2.3:a:oroinc:orocommerce:4.2.10
-
cpe:2.3:a:oroinc:orocommerce:4.2.2
-
cpe:2.3:a:oroinc:orocommerce:4.2.3
-
cpe:2.3:a:oroinc:orocommerce:4.2.4
-
cpe:2.3:a:oroinc:orocommerce:4.2.5
-
cpe:2.3:a:oroinc:orocommerce:4.2.6
-
cpe:2.3:a:oroinc:orocommerce:4.2.7
-
cpe:2.3:a:oroinc:orocommerce:4.2.8
-
cpe:2.3:a:oroinc:orocommerce:4.2.9
-
cpe:2.3:a:oroinc:orocommerce:5.0.0
-
cpe:2.3:a:oroinc:orocommerce:5.0.1
-
cpe:2.3:a:oroinc:orocommerce:5.0.2
-
cpe:2.3:a:oroinc:orocommerce:5.0.3