CVE-2020-21266
CVE-2020-21266 affects Broadleaf Commerce 5.1.14-GA and is caused by a slow HTTP POST that enables cross-site scripting (XSS) on the client. The impact is client-side script execution. A fix is referenced in Broadleaf release notes for 5.1.15-GA; upgrading to that version is the supported remedia...
CVE-2023-33725
CVE-2023-33725 affects Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA). The vulnerability is a cross-site scripting (XSS) flaw exploitable via a customer signup using a crafted email address. Several sources indicate the issue is fixed in version 6.2.6.1-GA, with some references also no...