Lucene search
RedhatCVELIST:CVE-2015-3268HistoryApr 12, 2016 - 2:00 p.m.
CVE-2015-3268
2016-04-1214:00:00
redhat
www.cve.org
1
0.002 Low
EPSS
Percentile
64.8%
Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.
References
ofbiz.apache.org/download.html#vulnerabilities
packetstormsecurity.com/files/136638/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html
www.securityfocus.com/archive/1/538033/100/0/threaded
www.securitytracker.com/id/1035514
blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04
blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07
issues.apache.org/jira/browse/OFBIZ-6506
Related
prion
prion
Cross site scripting
2016-04-12 14:59:00
cve
cve
CVE-2015-3268
2016-04-12 14:59:00
nvd
nvd
CVE-2015-3268
2016-04-12 14:59:00