Lucene search

K
ApacheOfbiz12.04.01

6 matches found

CVE
CVE
added 2016/04/12 2:59 p.m.54 views

CVE-2015-3268

Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.

6.1CVSS6AI score0.06534EPSS
CVE
CVE
added 2013/08/15 4:55 p.m.51 views

CVE-2013-2250

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

10CVSS7.6AI score0.12628EPSS
CVE
CVE
added 2017/08/30 5:29 p.m.48 views

CVE-2016-4462

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11...

8.8CVSS8.8AI score0.01029EPSS
CVE
CVE
added 2013/08/15 4:55 p.m.43 views

CVE-2013-2137

Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.03806EPSS
CVE
CVE
added 2017/08/30 5:29 p.m.43 views

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not prope...

6.1CVSS6.3AI score0.02348EPSS
CVE
CVE
added 2014/08/22 2:55 p.m.40 views

CVE-2014-0232

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1...

4.3CVSS5.9AI score0.08691EPSS