vulnerability
Apache OFBiz: CVE-2016-6800: Cross-site Scripting vulnerability.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Aug 30, 2017 | Dec 23, 2024 | Nov 28, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Aug 30, 2017
Added
Dec 23, 2024
Modified
Nov 28, 2025
Description
The default configuration of the apache ofbiz framework offers a blog functionality. different users are able to operate blogs which are related to specific parties. in the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. it is possible to inject arbitrary javascript code in these form fields. this code gets executed from the browser of every user who is visiting this article. mitigation: upgrade to apache ofbiz 16.11.01.
Solution
apache-ofbiz-upgrade-latest
References
- CWE-79
- CVE-2016-6800
- https://attackerkb.com/topics/CVE-2016-6800
- URL-https://lists.apache.org/thread.html/28987cffe0237fa67eca9de8bbbc04a917ac8785342ad9e5a196c978%40%3Cuser.ofbiz.apache.org%3E
- URL-https://s.apache.org/Owsz
- URL-https://svn.apache.org/viewvc?view=revision&revision=1759065
- URL-https://svn.apache.org/viewvc?view=revision&revision=1759218
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.