VYPR
Unrated severityNVD Advisory· Published Jun 19, 2014· Updated Jun 16, 2026

CVE-2012-1621

CVE-2012-1621

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Apache/Ofbiz2 versions
    cpe:2.3:a:apache:ofbiz:10.04.01:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apache:ofbiz:10.04.01:*:*:*:*:*:*:*
    • (no CPE)range: <10.04.02

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.