766 matches found
CVE-2006-6587
Cross-site scripting XSS vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project OFBiz allows remote attackers to inject arbitrary web script or HTML by posting a message...
CVE-2006-6589
Cross-site scripting XSS vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project OFBiz and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCHSTRING parameter, a different issue than CVE-2006-6587. NOTE: some of these detai...
CVE-2006-6588
The forum implementation in the ecommerce component in the Apache Open For Business Project OFBiz trusts the 1 dataResourceTypeId, 2 contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown...
CVE-2006-6589
The CVE-2006-6589 entry tracks a cross-site scripting (XSS) vulnerability affecting the ecommerce/control/keywordsearch path in Apache OFBiz and Opentaps 0.9.3, enabling remote injection of script/HTML via the SEARCH_STRING parameter. Connected OpenVAS data confirms HTML injection issues for Open...
CVE-2006-6588
CVE-2006-6588 affects the Apache OFBiz OFBiz forum component, where the forum implementation trusts certain hidden form fields (dataResourceTypeId and contentTypeId) to process content. This trust allows remote attackers to create unauthorized content types, modify content, or cause other unknown...
CVE-2006-6587
CVE-2006-6587 is a Cross‑Site Scripting (XSS) flaw in the Apache OFBiz Open For Business (OFBiz) ecommerce forum component. The vulnerability allows remote attackers to inject arbitrary script or HTML by posting a message, targeting the forum implementation. The connected OpenVAS entry notes OFBi...