Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ofbiz vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-15714
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would exec...
Apache Ofbiz 16.11.02
Apache Ofbiz 16.11.03
Apache Ofbiz 16.11.01
7.5
CVSSv2
CVE-2012-1622
Apache OFBiz 10.04.x prior to 10.04.02 allows remote malicious users to execute arbitrary code via unspecified vectors.
Apache Ofbiz 10.04
7.5
CVSSv2
CVE-2016-2170
Apache OFBiz 12.04.x prior to 12.04.06 and 13.07.x prior to 13.07.03 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Apache Ofbiz
7.5
CVSSv2
CVE-2006-6588
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote malicious users to create unauthorized types of content, modify cont...
Apache Ofbiz
6.8
CVSSv2
CVE-2019-0235
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.
Apache Ofbiz 17.12.01
6.8
CVSSv2
CVE-2006-6587
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote malicious users to inject arbitrary web script or HTML by posting a message.
Apache Ofbiz
6.8
CVSSv2
CVE-2006-6589
Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote malicious users to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-658...
Apache Ofbiz
Apache Opentaps 0.9.3
6.5
CVSSv2
CVE-2016-4462
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to...
Apache Ofbiz 13.07
Apache Ofbiz 12.04.05
Apache Ofbiz 12.04
Apache Ofbiz 12.04.04
Apache Ofbiz 12.04.01
Apache Ofbiz 11.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 13.07.02
Apache Ofbiz 12.04.06
Apache Ofbiz 13.07.01
Apache Ofbiz 11.04.04
Apache Ofbiz 11.04.03
Apache Ofbiz 11.04
Apache Ofbiz 13.07.03
Apache Ofbiz 11.04.06
Apache Ofbiz 11.04.02
Apache Ofbiz 11.04.05
Apache Ofbiz 12.04.03
5
CVSSv2
CVE-2021-25958
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with ...
Apache Ofbiz
5
CVSSv2
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz prior to 17.12.04
Apache Ofbiz
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »