-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper output encoding in the shipping rule edit interface. Given that OroCommerce uses Twig templates (common in Symfony-based applications), and XSS occurs specifically in the UPS Surcharge field, the most probable root cause is a template rendering the surcharge value without adequate escaping. The absence of patch details requires inference, but the pattern matches classic XSS vulnerabilities in templating systems where user-controlled input is directly embedded in HTML/JS contexts without sanitization.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| oro/commerce | composer | >= 4.1.0, < 5.0.6 | 5.0.6 |