Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project aka OFBiz 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the 1 Screenlet.title or 2...