Ofbiz@10.04.04 Security Vulnerabilities and Issues — Ofbiz@10.04.04 CVE List

Lucene search

ApacheOfbiz10.04.04

3 matches found

CVE•added 2013/08/15 4:55 p.m.•51 views

CVE-2013-2250

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

10CVSS7.6AI score0.12628EPSS

CVE•added 2013/08/15 4:55 p.m.•43 views

CVE-2013-2137

Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.03806EPSS

CVE•added 2014/01/30 3:6 p.m.•41 views

CVE-2013-0177

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or ...

3.5CVSS5.6AI score0.05305EPSS