Apache OFBiz vulnerabilities
4 known vulnerabilities affecting apache/apache_ofbiz.
Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2019-12425 | HIGH | CVSS 7.5 | Affected: 17.12.01 | 2020-04-30
CWE-74
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host
Sources: cvelistv5, nvd
CVE-2019-0235 | HIGH | CVSS 8.8 | PoC | Affected: 17.12.01 | 2020-04-30
CWE-352
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.
Sources: cvelistv5, nvd
CVE-2020-1943 | MEDIUM | CVSS 6.1 | PoC | Affected: 16.11.01 to 16.11.07 | 2020-04-01
CWE-79
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
Sources: cvelistv5, nvd
CVE-2019-12426 | MEDIUM | CVSS 5.3 | Affected: Apache OFBiz 16.11.01 to 16.11.06 | 2020-02-06
An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.
Sources: cvelistv5, nvd