CVE-2025-61623

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 76.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache OfbizApache Ofbiz
Timeline
PublishedNov 12

Description

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDapache/ofbiz< 24.09.03

🔴Vulnerability Details

2
GHSA
GHSA-vw27-7cgv-4xfw: Reflected cross-site scripting vulnerability in Apache OFBiz2025-11-12
CVEList
Apache OFBiz: Reflected Cross-site Scripting2025-11-12

📋Vendor Advisories

1
Apache
Apache ofbiz: CVE-2025-61623
CVE-2025-61623 (MEDIUM CVSS 6.5) | Reflected cross-site scripting vuln | cvebase.io