Critical severity 9.8 · NVD Advisory · Published Jan 4, 2018 · Updated Jun 17, 2026
CVE-2017-15714
Description
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape a user-supplied property passed to it. This allows code injection by passing the code through the URL. For example, appending "__format=%27;alert(%27xss%27)" to the URL causes an alert window to execute.
References
- s.apache.org/UO3W (nvd): Exploit, Issue Tracking, Third Party Advisory