Ofbiz@10.04.01 Security Vulnerabilities and Issues — Ofbiz@10.04.01 CVE List

Lucene search

ApacheOfbiz10.04.01

5 matches found

CVE•added 2014/06/19 2:55 p.m.•57 views

CVE-2012-1621

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event reque...

4.3CVSS5.9AI score0.05543EPSS

CVE•added 2013/08/15 4:55 p.m.•51 views

CVE-2013-2250

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

10CVSS7.6AI score0.12628EPSS

CVE•added 2013/08/15 4:55 p.m.•43 views

CVE-2013-2137

Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.03806EPSS

CVE•added 2014/01/30 3:6 p.m.•41 views

CVE-2013-0177

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or ...

3.5CVSS5.6AI score0.05305EPSS

CVE•added 2012/10/25 10:51 a.m.•36 views

CVE-2012-3506

Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.

10CVSS6.7AI score0.0416EPSS