CVE-2020-1943

🗓️ 01 Apr 2020 18:18:48Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 67 Views🌐 WEB

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.0

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2020-1943	5 Feb 202500:00	–	circl
CNVD	Apache OFBiz Cross-Site Scripting Vulnerability (CNVD-2020-16521)	9 Mar 202000:00	–	cnvd
Check Point Advisories	Web Servers Cross-Site Scripting Attempt (CVE-2020-10820; CVE-2020-10821; CVE-2020-11930; CVE-2020-12256; CVE-2020-12259; CVE-2020-1943; CVE-2020-2096)	20 Dec 202000:00	–	checkpoint_advisories
Cvelist	CVE-2020-1943	1 Apr 202018:18	–	cvelist
Nuclei	Apache OFBiz <=16.11.07 - Cross-Site Scripting	1 Jun 202603:02	–	nuclei
NVD	CVE-2020-1943	1 Apr 202019:15	–	nvd
Prion	Code injection	1 Apr 202019:15	–	prion
Positive Technologies	PT-2020-15180 · Apache · Apache Ofbiz	1 Apr 202000:00	–	ptsecurity
RedhatCVE	CVE-2020-1943	22 May 202517:41	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2020-1943	5 Dec 202300:00	–	vulncheck_kev

NVD

Vulners

Node

apache ofbizRange16.11.01–16.11.07

[
  {
    "product": "Apache OFBiz",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "16.11.01 to 16.11.07"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757%40%3Cdev.ofbiz.apache.org%3E
lists	www.lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc%40%3Ccommits.ofbiz.apache.org%3E
s	www.s.apache.org/pr5u8
lists	www.lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040ba59be344d13fa%40%3Cdev.ofbiz.apache.org%3E

Parameter	Position	Path	Description	CWE
contentId	request body	/control/stream	XSS via unsanitized contentId parameter to /control/stream	CWE-79

21 Nov 2024 05:11Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

CVSS 3.16.1

EPSS0.84474