Ofbiz Security Vulnerabilities - 2020


CVE-2019-0235

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

8.8 CVSS

8.6 AI Score

0.011 EPSS

2020-04-30 08:15 PM

CVE-2019-12425

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host.

7.5 CVSS

7.6 AI Score

0.003 EPSS

2020-04-30 08:15 PM

CVE-2019-12426

An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-02-06 05:15 PM

CVE-2020-13923

IDOR vulnerability in the order processing feature from the ecommerce component of Apache OFBiz before 17.12.04.

5.3 CVSS

5.3 AI Score

0.005 EPSS

2020-07-15 04:15 PM

CVE-2020-1943

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

6.1 CVSS

5.9 AI Score

0.402 EPSS

2020-04-01 07:15 PM

CVE-2020-9496

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.

6.1 CVSS

6.1 AI Score

0.905 EPSS

2020-07-15 04:15 PM