← Back

Client Relationship Management

client_relationship_management

Vendor: Oroinc • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-32063
1Oroinc
1Client Relationship Management
Nov 21, 2024
Nov 28, 2023
N/A· v4
5.0 MEDIUM· v3
N/A· v2
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security c...Show more
OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1.Show less
CVE-2021-39198
1Oroinc
1Client Relationship Management
Nov 21, 2024
Nov 19, 2021
N/A· v4
5.4 MEDIUM· v3
5.8 MEDIUM· v2
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forger...Show more
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.Show less