CVE-2017-15714
The CVE-2017-15714 issue affects the BIRT plugin in Apache OFBiz versions 16.11.01 through 16.11.03. The root cause is that the plugin does not escape user input properties passed via the URL, enabling code injection when crafted input is supplied (e.g., a URL containing __format=%27;alert(%27xss...