Ofbiz Security Vulnerabilities and Issues — Ofbiz CVE List

Lucene search

ApacheOfbiz

3 matches found

CVE•added 2025/03/10 2:15 p.m.•90 views

CVE-2025-26865

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18.In case you use something like that, which is not recommended!For security, only offic...

3.5CVSS7.1AI score0.00277EPSS

CVE•added 2025/04/01 3:16 p.m.•50 views

CVE-2025-30676

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.

6.1CVSS6.9AI score0.00235EPSS

CVE•added 2025/08/15 3:15 p.m.•8 views

CVE-2025-54466

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...

9.8CVSS6.8AI score0.00082EPSS