oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE-2020-1943] Apache OFBiz XSS Vulnerability

From: Jacopo Cappellato <jacopoc () apache org>
Date: Fri, 6 Mar 2020 10:08:05 +0100
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 16.11.01 to 16.11.07

Description:
Data sent with "contentId" to "/control/stream" is not sanitized, allowing
XSS attacks.

Mitigation:
Upgrade to 17.12.01 or manually apply the commits at OFBIZ-10753
----

Credit:
Timon Funck <timon.funck () syss de>

References:
http://ofbiz.apache.org/download.html#vulnerabilities
Previous By Date Next
Previous By Thread Next

Current thread: