CVE-2019-10074
CVE-2019-10074 affects Apache OFBiz where Freemarker markup in a Form Widget textarea can trigger remote code execution if encoding is disabled on that field (notably in the Customer Request “story” input of Order Manager). Root cause: disabling encoding on a user input field allows untrusted mar...