CVE-2016-4462
CVE-2016-4462 affects Apache OFBiz. A logged-in user can manipulate the externalLoginKey URL parameter so that its value, which is reflected on the page, is processed by the FreeMarker template engine as template directives. A specially crafted FreeMarker template supplied this way enables remote code execution. Mitigation: upgrade to Apache OFBiz 16....