Apache

Ofbiz

55 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2012-1622

  • EPSS 6.48%
  • Published 26.10.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors.

6.1

CVE-2016-6800

  • EPSS 2.72%
  • Published 30.08.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summar...

8.8

CVE-2016-4462

  • EPSS 1.03%
  • Published 30.08.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code exe...

9.8

CVE-2016-2170

  • EPSS 14.91%
  • Published 12.04.2016 14:59:12
  • Last modified 12.04.2025 10:46:40

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

6.1

CVE-2015-3268

  • EPSS 6.53%
  • Published 12.04.2016 14:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the descrip...

4.3

CVE-2014-0232

  • EPSS 8.69%
  • Published 22.08.2014 14:55:07
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecifie...

4.3

CVE-2012-1621

  • EPSS 5.54%
  • Published 19.06.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) conte...

3.5

CVE-2013-0177

  • EPSS 2.35%
  • Published 30.01.2014 15:06:22
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary w...

10

CVE-2013-2250

  • EPSS 12.63%
  • Published 15.08.2013 16:55:09
  • Last modified 11.04.2025 00:51:21

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters...

4.3

CVE-2013-2137

  • EPSS 3.81%
  • Published 15.08.2013 16:55:09
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitra...