CVE-2019-10073 — Cross-site Scripting in Apache Ofbiz

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

1.3%

top 20.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ofbiz

Timeline

PublishedSep 11

Latest updateMay 24

Description

The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDapache/ofbiz16.11.01 — 16.11.05

▶CVEListV5apache/ofbizOFBiz 16.11.01 to 16.11.05

🔴Vulnerability Details

GHSA

GHSA-xj4p-xqh6-p7v7: The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks↗2022-05-24

▶

CVEList

CVE-2019-10073: The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks↗2019-09-11

▶

📋Vendor Advisories

Apache

Apache ofbiz: CVE-2019-10073↗

▶