3 matches found
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...
CVE-2022-25371
Apache OFBiz uses the Birt project plugin https://eclipse.github.io/birt-website/ to create data visualizations and reports. By leveraging a bug in Birt https://bugs.eclipse.org/bugs/showbug.cgi?id=538142 it is possible to perform a remote code execution RCE attack in Apache OFBiz, release 18.12....
Code injection
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SST...