VYPR
Unrated severity · NVD Advisory · Published Apr 1, 2025 · Updated Apr 2, 2025

Apache OFBiz: Stored XSS Vulnerability

CVE-2025-30676

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.19.

Users are recommended to upgrade to version 18.12.19, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apache OFBiz before 18.12.19 contains a basic XSS vulnerability due to improper neutralization of script-related HTML tags in a web page.

Vulnerability

Apache OFBiz versions before 18.12.19 are affected by a basic cross-site scripting (XSS) vulnerability resulting from improper neutralization of script-related HTML tags in a web page [1]. This allows injection of arbitrary HTML and JavaScript.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious input that contains script-related HTML tags, which are not properly sanitized by the application [2]. The attack may require user interaction, such as clicking a crafted link, or could be triggered automatically depending on the context.

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information [2].

Mitigation

The issue is fixed in Apache OFBiz version 18.12.19 [3]. Users are recommended to upgrade immediately. No workarounds are provided.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

4
