VYPR
Critical severity9.8NVD Advisory· Published Jan 4, 2018· Updated Jun 17, 2026

CVE-2017-15714

CVE-2017-15714

Description

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute.

Affected products

2
  • Apache/Ofbizllm-fuzzy2 versions
    16.11.01 to 16.11.03+ 1 more
    • (no CPE)range: 16.11.01 to 16.11.03
    • (no CPE)range: 16.11.01 to 16.11.03

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.