CVE-2014-0232Cross-site Scripting in Apache Ofbiz

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
12.6%
top 6.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Ofbiz
Timeline
PublishedAug 22
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/ofbiz7 versions+6

Patches

Patch: ofbiz.apache.orgPatch: svn.apache.orgPatch: ofbiz.apache.org

🔴Vulnerability Details

2
GHSA
GHSA-r8pv-f253-ph8x: Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages2022-05-14
CVEList
CVE-2014-0232: Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages2014-08-22

📋Vendor Advisories

1
Apache
Apache ofbiz: CVE-2014-0232
CVE-2014-0232 — Cross-site Scripting in Apache Ofbiz | cvebase