Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 30/08/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache ofbiz 13.07
apache ofbiz 12.04.05
apache ofbiz 12.04
apache ofbiz 12.04.04
apache ofbiz 12.04.01
apache ofbiz 11.04.01
apache ofbiz 12.04.02
apache ofbiz 13.07.02
apache ofbiz 12.04.06
apache ofbiz 13.07.01
apache ofbiz 11.04.04
apache ofbiz 11.04.03
apache ofbiz 11.04
apache ofbiz 13.07.03
apache ofbiz 11.04.06
apache ofbiz 11.04.02
apache ofbiz 11.04.05
apache ofbiz 12.04.03

CWE-79 https://s.apache.org/Owsz https://lists.apache.org/thread.html/28987cffe0237fa67eca9de8bbbc04a917ac8785342ad9e5a196c978%40%3Cuser.ofbiz.apache.org%3E https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-6800

Vulnerability Summary

References

Vulmon Search

About

Products

Connect