Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ofbiz 16.11.01 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-15714
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would exec...
Apache Ofbiz 16.11.02
Apache Ofbiz 16.11.03
Apache Ofbiz 16.11.01
6.5
CVSSv2
CVE-2016-4462
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to...
Apache Ofbiz 13.07
Apache Ofbiz 12.04.05
Apache Ofbiz 12.04
Apache Ofbiz 12.04.04
Apache Ofbiz 12.04.01
Apache Ofbiz 11.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 13.07.02
Apache Ofbiz 12.04.06
Apache Ofbiz 13.07.01
Apache Ofbiz 11.04.04
Apache Ofbiz 11.04.03
Apache Ofbiz 11.04
Apache Ofbiz 13.07.03
Apache Ofbiz 11.04.06
Apache Ofbiz 11.04.02
Apache Ofbiz 11.04.05
Apache Ofbiz 12.04.03
4.3
CVSSv2
CVE-2016-6800
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article...
Apache Ofbiz 13.07
Apache Ofbiz 12.04.05
Apache Ofbiz 12.04
Apache Ofbiz 12.04.04
Apache Ofbiz 12.04.01
Apache Ofbiz 11.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 13.07.02
Apache Ofbiz 12.04.06
Apache Ofbiz 13.07.01
Apache Ofbiz 11.04.04
Apache Ofbiz 11.04.03
Apache Ofbiz 11.04
Apache Ofbiz 13.07.03
Apache Ofbiz 11.04.06
Apache Ofbiz 11.04.02
Apache Ofbiz 11.04.05
Apache Ofbiz 12.04.03
4.3
CVSSv2
CVE-2020-1943
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
Apache Ofbiz
5
CVSSv2
CVE-2019-12426
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06
Apache Ofbiz
5
CVSSv2
CVE-2018-8033
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: se...
Apache Ofbiz
3 Github repositories
5
CVSSv2
CVE-2011-3600
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network...
Apache Ofbiz
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started