Oroinc: >> Client Relationship Management Security Vulnerabilities
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.
CVSS Score
5.0
EPSS Score
0.002
Published
2023-11-28
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.
CVSS Score
4.2
EPSS Score
0.001
Published
2021-11-19