Vulnerability Database
296,746
Total vulnerabilities in the database
XSS vulnerability in translations
Summary
An attacker with admin privileges and access to Translations management functionality may add JS payload to translation values via:
- Translation management UI.
- Translations downloaded via the Crowdin service may also contain JS strings used for XSS attacks, for a successful attack poisoned translation should be enabled, downloaded, and installed.
- Translations uploaded via Upload translation file on the All Languages grid
Workarounds
There are no workarounds that address this vulnerability.
| Software | From | Fixed in |
|---|---|---|
oro / platform
|
3.1.0 | 3.1.29 |
|
oro / platform
|
4.1.0 | 4.1.17 |
|
oro / platform
|
4.2.0 | 4.2.8 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime