VYPR
Unrated severityNVD Advisory· Published Jan 30, 2014· Updated Jun 16, 2026

CVE-2013-0177

CVE-2013-0177

Description

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • Apache/Ofbiz9 versions
    cpe:2.3:a:apache:ofbiz:09.04:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:apache:ofbiz:09.04:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ofbiz:09.04.01:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ofbiz:10.04:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ofbiz:10.04.01:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ofbiz:10.04.02:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ofbiz:10.04.03:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ofbiz:10.04.04:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:ofbiz:11.04.01:*:*:*:*:*:*:*
    • (no CPE)range: >=10.04.x before 10.04.05, =11.04.01, possibly 09.04.x

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.