Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ofbiz vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2006-6588
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote malicious users to create unauthorized types of content, modify cont...
Apache Ofbiz
383
VMScore
CVE-2019-10073
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858...
Apache Ofbiz
668
VMScore
CVE-2019-10074
An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled wit...
Apache Ofbiz
NA
CVE-2023-51467
The vulnerability permits malicious users to circumvent authentication processes, enabling them to remotely execute arbitrary code
Apache Ofbiz
1 Metasploit module
18 Github repositories
1 Article
384
VMScore
CVE-2020-1943
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
Apache Ofbiz
NA
CVE-2022-25371
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apac...
Apache Ofbiz
NA
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and previous versions, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communic...
Apache Ofbiz
1 Github repository
NA
CVE-2022-25370
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and previous versions versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), a...
Apache Ofbiz
NA
CVE-2022-47501
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: prior to 18.12.07.
Apache Ofbiz
668
VMScore
CVE-2021-37608
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an malicious user to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/...
Apache Ofbiz
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »