Vulnerability Database
290,020
Total vulnerabilities in the database
XSS vulnerability in translations
Summary
An attacker with admin privileges and access to Translations management functionality may add JS payload to translation values via:
- Translation management UI.
- Translations downloaded via the Crowdin service may also contain JS strings used for XSS attacks, for a successful attack poisoned translation should be enabled, downloaded, and installed.
- Translations uploaded via Upload translation file on the All Languages grid
Workarounds
There are no workarounds that address this vulnerability.
| Software | From | Fixed in |
|---|---|---|
oro / platform
|
3.1.0 | 3.1.29 |
|
oro / platform
|
4.1.0 | 4.1.17 |
|
oro / platform
|
4.2.0 | 4.2.8 |