CVSS 8.8, AI Score 8.6, EPSS 0.011
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host
CVSS 7.5, AI Score 7.6, EPSS 0.003
An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06
CVSS 5.3, AI Score 5.2, EPSS 0.001
IDOR vulnerability in the order processing feature from the ecommerce component of Apache OFBiz before 17.12.04
CVSS 5.3, AI Score 5.3, EPSS 0.005
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
CVSS 6.1, AI Score 5.9, EPSS 0.402
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
CVSS 6.1, AI Score 6.1, EPSS 0.905