Unrated severityNVD Advisory· Published Sep 2, 2022· Updated Aug 3, 2024

Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz

CVE-2022-25370

Description

Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.

Affected products

Apache/Apache OFBizcpe-rescue
Range: Apache OFBiz

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2022/09/02/8mitremailing-listx_refsource_MLIST
www.openwall.com/lists/oss-security/2022/09/03/1mitremailing-listx_refsource_MLIST
lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofhmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000