Cross-Site Scripting Vulnerability in OroPlatform CMS
CVE-2024-50677

Currently unrated

Key Information:

Vendor: Oro Inc.
CVE Published: 6 December 2024

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

CVE-2024-50677 is a critical cross-site scripting (XSS) vulnerability identified in OroPlatform CMS version 5.1. This vulnerability can be exploited by attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Search parameter of the application. If successfully executed, this can lead to serious security breaches such as data theft, session hijacking, or defacement of web pages. Organizations utilizing OroPlatform CMS are highly advised to take immediate action to patch this vulnerability, ensuring the protection of user data and the integrity of their web applications.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published