Unrated severity · NVD Advisory · Published Jun 19, 2014 · Updated May 6, 2026
CVE-2012-1621
Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.
Affected products (1)
Patches (0)
No patches discovered yet.
References (13)
- ofbiz.apache.org/download.html (nvd; Vendor Advisory)
- seclists.org/bugtraq/2012/Apr/101 (nvd; Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2012/Apr/172 (nvd; Mailing List, Third Party Advisory)
- secunia.com/advisories/48800 (nvd; Third Party Advisory)
- www.securityfocus.com/bid/53023 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id (nvd; Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/74870 (nvd; Third Party Advisory, VDB Entry)
- osvdb.org/show/osvdb/81346 (nvd; Broken Link)
- osvdb.org/show/osvdb/81347 (nvd; Broken Link)
- osvdb.org/show/osvdb/81348 (nvd; Broken Link)
- osvdb.org/show/osvdb/81349 (nvd; Broken Link)
- mail-archives.apache.org/mod_mbox/ofbiz-dev/201204.mbox/%3CA126EDA0-06A5-4B67-8CDD-FC5F5AABA147%40apache.org%3E (nvd)
- mail-archives.apache.org/mod_mbox/www-announce/201204.mbox/%3C2B984C00-EC65-4455-98D3-55735ABE8AF9%40apache.org%3E (nvd)