Cross site scripting

2014-08-2214:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.

CPENameOperatorVersion
ofbizeq12.04.01
ofbizeq12.04.02
ofbizeq12.04.03
ofbizeq11.04.01
ofbizeq11.04.04
ofbizeq11.04.03
ofbizeq11.04.02

Name	Operator	Version
ofbiz	eq	12.04.01
ofbiz	eq	12.04.02
ofbiz	eq	12.04.03
ofbiz	eq	11.04.01
ofbiz	eq	11.04.04
ofbiz	eq	11.04.03
ofbiz	eq	11.04.02

References

ofbiz.apache.org/download.html

packetstormsecurity.com/files/127929/Apache-OFBiz-11.04.04-12.04.03-Cross-Site-Scripting.html

seclists.org/oss-sec/2014/q3/405

secunia.com/advisories/60807

svn.apache.org/viewvc?view=revision&revision=r1608698

www.securityfocus.com/archive/1/533163/100/0/threaded

www.securityfocus.com/bid/69286

www.securitytracker.com/id/1030739

exchange.xforce.ibmcloud.com/vulnerabilities/95356