4 matches found
CVE-2020-1943
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07...
PT-2020-15180 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 16.11.01 through 16.11.07 Description: The issue allows for XSS attacks due to unsanitized data sent with the contentId to the "/control/stream" API endpoint. Recommendations: For Apache OFBiz versions 16.11.01 through...
Apache OFBiz XML-RPC event handler code issue vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation (United States). The system provides a set of Java-based Web application components and tools. XML-RPC event handler is one of the XML-RPC Remote Procedure Call Distributed Computing Protocol...
PT-2018-18396 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 16.11.01 through 16.11.04 Description: The issue concerns the OFBiz HTTP engine, specifically the handling of requests for HTTP services via the "/webtools/control/httpService" endpoint. Both POST and GET requests to thi...