3 matches found
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...
CVE-2022-25813
Apache OFBiz CVE-2022-25813 affects versions 18.12.05 and earlier. An anonymous user can inject malicious content into the Subject field of the ecommerce plugin’s Contact us page, triggering a Server-Side Template Injection (SSTI) when a party manager lists communications, potentially enabling Re...
CVE-2022-25813 Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...