Medium severity6.1NVD Advisory· Published Apr 12, 2016· Updated Jun 17, 2026
CVE-2015-3268
CVE-2015-3268
Description
Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:apache:ofbiz:12.04.01:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:apache:ofbiz:12.04.01:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ofbiz:12.04.02:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ofbiz:12.04.03:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ofbiz:12.04.04:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ofbiz:12.04.05:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ofbiz:13.07.01:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ofbiz:13.07.02:*:*:*:*:*:*:*
- (no CPE)range: <=12.04.05, >=13.07.00 <13.07.03
Patches
Vulnerability mechanics
References
7- ofbiz.apache.org/download.htmlnvdPatchVendor Advisory
- blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07nvdPatchVendor Advisory
- packetstormsecurity.com/files/136638/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.htmlnvd
- www.securityfocus.com/archive/1/538033/100/0/threadednvd
- www.securitytracker.com/id/1035514nvd
- blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04nvd
- issues.apache.org/jira/browse/OFBIZ-6506nvd
News mentions
0No linked articles in our index yet.