VYPR

Open For Business Project (OFBiz)

by Apache

CVEs (5)

  • CVE-2013-2137Aug 15, 2013
    risk 0.01cvss epss 0.08

    Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via…

  • CVE-2012-3506Oct 25, 2012
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.

  • CVE-2006-6587Dec 15, 2006
    risk 0.01cvss epss 0.08

    Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.

  • CVE-2006-6588Dec 15, 2006
    risk 0.00cvss epss 0.02

    The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content,…

  • CVE-2006-6589Dec 15, 2006
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587.…