oss-sec mailing list archives
[CVE-2020-1943] Apache OFBiz XSS Vulnerability
From: Jacopo Cappellato <jacopoc () apache org>
Date: Fri, 6 Mar 2020 10:08:05 +0100
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 16.11.01 to 16.11.07
Description: Data sent with "contentId" to "/control/stream" is not sanitized, allowing XSS attacks.
Mitigation: Upgrade to 17.12.01 or manually apply the commits at OFBIZ-10753
----
Credit: Timon Funck <timon.funck () syss de>
References: http://ofbiz.apache.org/download.html#vulnerabilities
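The advisory names the defect class (a request parameter reflected without output encoding) but not the fixing code, which lives in the OFBIZ-10753 commits. The following standalone Java example is added here to illustrate that class and its standard remedy; it is not OFBiz code and does not reproduce the actual handler. It assumes, purely for illustration, that the "contentId" parameter is echoed into an HTML text response, and it contrasts the unencoded rendering with one that HTML-escapes the value before concatenation. The sample input is constructed and is not a real OFBiz content identifier.

```java
public class ReflectedXssDemo {
    // Encode the characters that let untrusted data break out of an HTML text
    // node or a double-quoted attribute. '&' must be handled first so the
    // entities produced for the other characters are not re-escaped.
    static String htmlEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // "Before": the request parameter is copied verbatim into the response body.
    // This is the pattern the advisory describes ("not sanitized"), written
    // here as a hypothetical handler, not the real one.
    static String renderUnsafe(String contentId) {
        return "<p>Content not found: " + contentId + "</p>";
    }

    // "After": identical page, but the parameter is encoded for the HTML text
    // context it is inserted into, so any markup it carries is rendered inert.
    static String renderSafe(String contentId) {
        return "<p>Content not found: " + htmlEscape(contentId) + "</p>";
    }

    // Regression check a reviewer or test suite can apply to any endpoint that
    // reflects input: the raw tag from the input must not survive into output.
    static boolean reflectsRawMarkup(String rendered) {
        return rendered.contains("<i>");
    }

    public static void main(String[] args) {
        // Constructed sample value containing markup; not a real identifier.
        String hostile = "42\"><i>injected</i>";

        String unsafe = renderUnsafe(hostile);
        String safe = renderSafe(hostile);

        System.out.println("unsafe: " + unsafe);
        System.out.println("safe:   " + safe);
        System.out.println("raw markup survives (unsafe): " + reflectsRawMarkup(unsafe)); // true
        System.out.println("raw markup survives (safe):   " + reflectsRawMarkup(safe));   // false
    }
}
```

Compile and run with `javac ReflectedXssDemo.java && java ReflectedXssDemo`. The escaping shown is correct only for an HTML text or quoted-attribute context; a value placed inside a script block, a URL, or a CSS property needs the encoder for that context, which is why the fix in a real code base belongs in the template layer or a shared encoding library rather than at each call site.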