Vulmon
apache ofbiz vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-17200
The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` ins...
Apache Ofbiz
5.3
CVSSv3
CVE-2023-46819
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: prior to 18.12.09. Users are recommended to upgrade to version 18.12.09.
Apache Ofbiz
NA
CVE-2006-6589
Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote malicious users to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-658...
Apache Ofbiz
Apache Opentaps 0.9.3
NA
CVE-2012-1621
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x prior to 10.04.02 allow remote malicious users to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey par...
Apache Ofbiz 10.04.01
9.8
CVSSv3
CVE-2012-1622
Apache OFBiz 10.04.x prior to 10.04.02 allows remote malicious users to execute arbitrary code via unspecified vectors.
Apache Ofbiz 10.04
8.8
CVSSv3
CVE-2019-0235
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.
Apache Ofbiz 17.12.01
6.1
CVSSv3
CVE-2020-9496
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.
Apache Ofbiz 17.12.03
7 Github repositories
7.5
CVSSv3
CVE-2019-12425
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting an arbitrary host.
Apache Ofbiz 17.12.01
NA
CVE-2010-04323
Apache OFBiz suffers from multiple cross site scripting vulnerabilities.
9.1
CVSSv3
CVE-2024-36104
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: prior to 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.
1 Github repository
1 Article