Lucene search
ApacheCVELIST:CVE-2022-25370HistorySep 02, 2022 - 7:10 a.m.
CVE-2022-25370 Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz
2022-09-0207:10:16
CWE-79
apache
www.cve.org
1
cve-2022-25370
apache ofbiz
birt plugin
stored xss
0.002 Low
EPSS
Percentile
55.3%
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
CNA Affected
[
{
"product": "Apache OFBiz",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "18.12.05",
"status": "affected",
"version": "Apache OFBiz",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-25370
2022-09-02 07:15:07
cve
cve
CVE-2022-25370
2022-09-02 07:15:07
prion
prion
Cross site scripting
2022-09-02 07:15:00
cnvd
cnvd
Apache OFBiz Cross-Site Scripting Vulnerability (CNVD-2022-69474)
2022-09-02 00:00:00