Lucene search
K

766 matches found

NVD
NVD
added 2006/12/15 7:28 p.m.23 views

CVE-2006-6587

Cross-site scripting XSS vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project OFBiz allows remote attackers to inject arbitrary web script or HTML by posting a message...

6.8CVSS5.6AI score0.07929EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/12/15 7:0 p.m.29 views

CVE-2006-6589

Cross-site scripting XSS vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project OFBiz and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCHSTRING parameter, a different issue than CVE-2006-6587. NOTE: some of these detai...

5.6AI score0.02799EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/12/15 7:0 p.m.29 views

CVE-2006-6588

The forum implementation in the ecommerce component in the Apache Open For Business Project OFBiz trusts the 1 dataResourceTypeId, 2 contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown...

6.7AI score0.02236EPSS
Exploits1References1
CVE
CVE
added 2006/12/15 7:0 p.m.56 views

CVE-2006-6589

The CVE-2006-6589 entry tracks a cross-site scripting (XSS) vulnerability affecting the ecommerce/control/keywordsearch path in Apache OFBiz and Opentaps 0.9.3, enabling remote injection of script/HTML via the SEARCH_STRING parameter. Connected OpenVAS data confirms HTML injection issues for Open...

6.8CVSS5.6AI score0.02799EPSS
Exploits1References4Affected Software2
CVE
CVE
added 2006/12/15 7:0 p.m.59 views

CVE-2006-6588

CVE-2006-6588 affects the Apache OFBiz OFBiz forum component, where the forum implementation trusts certain hidden form fields (dataResourceTypeId and contentTypeId) to process content. This trust allows remote attackers to create unauthorized content types, modify content, or cause other unknown...

7.5CVSS7.1AI score0.02236EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2006/12/15 7:0 p.m.62 views

CVE-2006-6587

CVE-2006-6587 is a Cross‑Site Scripting (XSS) flaw in the Apache OFBiz Open For Business (OFBiz) ecommerce forum component. The vulnerability allows remote attackers to inject arbitrary script or HTML by posting a message, targeting the forum implementation. The connected OpenVAS entry notes OFBi...

6.8CVSS5.6AI score0.07929EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder