Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ofbiz vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2018-8033
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: se...
Apache Ofbiz
3 Github repositories
668
VMScore
CVE-2017-15714
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would exec...
Apache Ofbiz 16.11.02
Apache Ofbiz 16.11.03
Apache Ofbiz 16.11.01
668
VMScore
CVE-2012-1622
Apache OFBiz 10.04.x prior to 10.04.02 allows remote malicious users to execute arbitrary code via unspecified vectors.
Apache Ofbiz 10.04
383
VMScore
CVE-2016-6800
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article...
Apache Ofbiz 13.07
Apache Ofbiz 12.04.05
Apache Ofbiz 12.04
Apache Ofbiz 12.04.04
Apache Ofbiz 12.04.01
Apache Ofbiz 11.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 13.07.02
Apache Ofbiz 12.04.06
Apache Ofbiz 13.07.01
Apache Ofbiz 11.04.04
Apache Ofbiz 11.04.03
Apache Ofbiz 11.04
Apache Ofbiz 13.07.03
Apache Ofbiz 11.04.06
Apache Ofbiz 11.04.02
Apache Ofbiz 11.04.05
Apache Ofbiz 12.04.03
578
VMScore
CVE-2016-4462
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to...
Apache Ofbiz 13.07
Apache Ofbiz 12.04.05
Apache Ofbiz 12.04
Apache Ofbiz 12.04.04
Apache Ofbiz 12.04.01
Apache Ofbiz 11.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 13.07.02
Apache Ofbiz 12.04.06
Apache Ofbiz 13.07.01
Apache Ofbiz 11.04.04
Apache Ofbiz 11.04.03
Apache Ofbiz 11.04
Apache Ofbiz 13.07.03
Apache Ofbiz 11.04.06
Apache Ofbiz 11.04.02
Apache Ofbiz 11.04.05
Apache Ofbiz 12.04.03
670
VMScore
CVE-2016-2170
Apache OFBiz 12.04.x prior to 12.04.06 and 13.07.x prior to 13.07.03 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Apache Ofbiz
383
VMScore
CVE-2015-3268
Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz prior to 12.04.06 and 13.07.x prior to 13.07.03 allows remote malicious users to inject arbitrary web script or HTML via the description attribute of a ...
Apache Ofbiz 13.07.02
Apache Ofbiz 12.04.05
Apache Ofbiz 13.07.01
Apache Ofbiz 12.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 12.04.03
Apache Ofbiz 12.04.04
383
VMScore
CVE-2014-0232
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 prior to 11.04.05 and 12.04.01 prior to 12.04.04 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, which are...
Apache Ofbiz 12.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 12.04.03
Apache Ofbiz 11.04.03
Apache Ofbiz 11.04.04
Apache Ofbiz 11.04.01
Apache Ofbiz 11.04.02
383
VMScore
CVE-2012-1621
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x prior to 10.04.02 allow remote malicious users to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey par...
Apache Ofbiz 10.04.01
355
VMScore
CVE-2013-0177
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x prior to 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1...
Apache Ofbiz 09.04.01
Apache Ofbiz 10.04.01
Apache Ofbiz 10.04.03
Apache Ofbiz 10.04.04
Apache Ofbiz 11.04.01
Apache Ofbiz 09.04
Apache Ofbiz 10.04
Apache Ofbiz 10.04.02
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »