vulnerability
Apache OFBiz: CVE-2019-10073: Cross-site Scripting vulnerability.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 11, 2019 | Dec 23, 2024 | Nov 28, 2025 |
Description
The "blog", "forum" and "contact us" screens of the template "ecommerce" application bundled in Apache OFBiz are vulnerable to stored XSS attacks. Mitigation: upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616.
Solution
apache-ofbiz-upgrade-latest
References
- CWE-79
- CVE-2019-10073
- https://attackerkb.com/topics/CVE-2019-10073
- URL-https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151%40%3Ccommits.ofbiz.apache.org%3E
- URL-https://lists.apache.org/thread.html/rfafb229c0d805c8f2bd232d28cd1297876faf5c953f1d7bcf76eef4f%40%3Ccommits.ofbiz.apache.org%3E
- URL-https://s.apache.org/w6edy
- URL-https://svn.apache.org/viewvc?view=revision&revision=1858438
- URL-https://svn.apache.org/viewvc?view=revision&revision=1858543
- URL-https://svn.apache.org/viewvc?view=revision&revision=1860595
- URL-https://svn.apache.org/viewvc?view=revision&revision=1860616