vulnerability
Apache OFBiz: CVE-2015-3268: Cross-site scripting (XSS) vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Apr 12, 2016 | Dec 23, 2024 | Nov 28, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 12, 2016
Added
Dec 23, 2024
Modified
Nov 28, 2025
Description
Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.
Solution
apache-ofbiz-upgrade-latest
References
- CWE-79
- CVE-2015-3268
- https://attackerkb.com/topics/CVE-2015-3268
- URL-http://ofbiz.apache.org/download.html#vulnerabilities
- URL-http://packetstormsecurity.com/files/136638/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html
- URL-http://www.securityfocus.com/archive/1/538033/100/0/threaded
- URL-http://www.securitytracker.com/id/1035514
- URL-https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04
- URL-https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07
- URL-https://issues.apache.org/jira/browse/OFBIZ-6506
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.