Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 prior to 11.04.05 and 12.04.01 prior to 12.04.04 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache ofbiz 12.04.01 |
||
apache ofbiz 12.04.02 |
||
apache ofbiz 12.04.03 |
||
apache ofbiz 11.04.01 |
||
apache ofbiz 11.04.02 |
||
apache ofbiz 11.04.03 |
||
apache ofbiz 11.04.04 |