Open For Business Project (OFBiz)
by Apache
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2137 | 0.01 | — | 0.08 | Aug 15, 2013 | Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-3506 | 0.01 | — | 0.07 | Oct 25, 2012 | Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors. | |||
| CVE-2006-6587 | 0.01 | — | 0.08 | Dec 15, 2006 | Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message. | |||
| CVE-2006-6588 | 0.00 | — | 0.02 | Dec 15, 2006 | The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content,… | |||
| CVE-2006-6589 | 0.00 | — | 0.03 | Dec 15, 2006 | Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587.… |
- CVE-2013-2137Aug 15, 2013risk 0.01cvss —epss 0.08
Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via…
- CVE-2012-3506Oct 25, 2012risk 0.01cvss —epss 0.07
Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
- CVE-2006-6587Dec 15, 2006risk 0.01cvss —epss 0.08
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
- CVE-2006-6588Dec 15, 2006risk 0.00cvss —epss 0.02
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content,…
- CVE-2006-6589Dec 15, 2006risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587.…