Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0177Cross-site Scripting in Apache Ofbiz

CWE-79Cross-site Scripting5 documents5 sources
Severity
3.5LOWNVD
EPSS
4.2%
top 11.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Ofbiz
Timeline
PublishedJan 30
Latest updateMay 5

Description

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDapache/ofbiz8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-w9c3-p3j8-wq65: Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget2022-05-05
CVEList
CVE-2013-0177: Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget2014-01-30

💥Exploits & PoCs

1
Exploit-DB
Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities2013-01-18

📋Vendor Advisories

1
Apache
Apache ofbiz: CVE-2013-0177
CVE-2013-0177 — Cross-site Scripting in Apache Ofbiz | cvebase