Published: 22/08/2014 Updated: 09/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 prior to 11.04.05 and 12.04.01 prior to 12.04.04 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache ofbiz 12.04.01
apache ofbiz 12.04.02
apache ofbiz 12.04.03
apache ofbiz 11.04.03
apache ofbiz 11.04.04
apache ofbiz 11.04.01
apache ofbiz 11.04.02

CWE-79 http://ofbiz.apache.org/download.html#vulnerabilities http://www.securitytracker.com/id/1030739 http://secunia.com/advisories/60807 http://packetstormsecurity.com/files/127929/Apache-OFBiz-11.04.04-12.04.03-Cross-Site-Scripting.html http://www.securityfocus.com/bid/69286 http://seclists.org/oss-sec/2014/q3/405 http://svn.apache.org/viewvc?view=revision&revision=r1608698 https://exchange.xforce.ibmcloud.com/vulnerabilities/95356 http://www.securityfocus.com/archive/1/533163/100/0/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-0232

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect