Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-25370

Published: 02/09/2022 Updated: 07/09/2022
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0
Subscribe to Apache

Vulnerability Summary

Apache OFBiz uses the Birt plugin (eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and previous versions versions, by leveraging a vulnerability in Birt (bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache ofbiz

References

CWE-79https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofhhttp://www.openwall.com/lists/oss-security/2022/09/02/8http://www.openwall.com/lists/oss-security/2022/09/03/1https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook