CVE-2022-25813

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...

PT-2025-6972 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.72 through 10.0.17 Description: The issue allows an anonymous user to disable all active plugins. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where...