Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ofbiz vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and previous versions, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communic...
Apache Ofbiz
1 Github repository
6.1
CVSSv3
CVE-2019-10073
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858...
Apache Ofbiz
9.8
CVSSv3
CVE-2021-37608
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an malicious user to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/...
Apache Ofbiz
7.5
CVSSv3
CVE-2022-47501
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: prior to 18.12.07.
Apache Ofbiz
9.8
CVSSv3
CVE-2016-2170
Apache OFBiz 12.04.x prior to 12.04.06 and 13.07.x prior to 13.07.03 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Apache Ofbiz
NA
CVE-2010-0432
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and previous versions, as used in Opentaps, Neogia, and Entente Oya, allow remote malicious users to inject arbitrary web script or HTML via (1) the productStoreId parame...
Apache Ofbiz
3 EDB exploits
9.8
CVSSv3
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: prior to 18.12.10. Users are recommended to upgrade to version 18.12.10
Apache Ofbiz
15 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-51467
The vulnerability permits malicious users to circumvent authentication processes, enabling them to remotely execute arbitrary code
Apache Ofbiz
1 Metasploit module
18 Github repositories
1 Article
NA
CVE-2006-6589
Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote malicious users to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-658...
Apache Ofbiz
Apache Opentaps 0.9.3
6.1
CVSSv3
CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Apache Ofbiz 17.12.03
11 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »