Posted to dev@ofbiz.apache.org by Jacopo Cappellato <ja...@apache.org> on 2020/03/06 09:08:05 UTC
[CVE-2020-1943] Apache OFBiz XSS Vulnerability
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 16.11.01 to 16.11.07
Description:
Data sent with "contentId" to "/control/stream" is not sanitized, allowing
XSS attacks.
Mitigation:
Upgrade to 17.12.01 or manually apply the commits at OFBIZ-10753
----
Credit:
Timon Funck <ti...@syss.de>
References:
http://ofbiz.apache.org/download.html#vulnerabilities
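As an added defender-side example (not from this advisory or the OFBiz project), the following Python script checks whether a deployed OFBiz version falls in the affected range given above and scans web access logs for requests to /control/stream whose contentId parameter carries HTML-significant characters; the log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Affected range stated in the advisory: OFBiz 16.11.01 to 16.11.07 (fixed in 17.12.01).
AFFECTED_MIN = (16, 11, 1)
AFFECTED_MAX = (16, 11, 7)

def parse_version(version):
    return tuple(int(part) for part in version.split("."))

def is_affected(version):
    """True if the OFBiz version string lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

# Characters that matter once a parameter is reflected into HTML without encoding.
HTML_META = re.compile(r'[<>"\']|javascript:|on\w+=', re.IGNORECASE)

# Minimal parser for a common-log-format line (assumed format, not OFBiz-specific).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def flag_request(line):
    """Return the suspicious contentId value for a /control/stream request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/control/stream"):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("contentId", []):
        decoded = unquote(value)  # parse_qs decoded once; decode again for double-encoded values
        if HTML_META.search(decoded):
            return decoded
    return None

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Mar/2020:09:08:05 +0000] "GET /control/stream?contentId=10000 HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Mar/2020:09:09:11 +0000] "GET /control/stream?contentId=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812',
    '203.0.113.9 - - [06/Mar/2020:09:10:00 +0000] "GET /control/main HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return (line index, decoded contentId) for every flagged request."""
    return [(i, hit) for i, line in enumerate(lines) if (hit := flag_request(line))]

if __name__ == "__main__":
    print("16.11.05 affected:", is_affected("16.11.05"))
    print("flagged:", scan(SAMPLE_LOG))
```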