vulnerability
Apache OFBiz: CVE-2020-1943: Cross-Site Scripting (XSS) vulnerability.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Apr 1, 2020 | Dec 23, 2024 | Nov 28, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 1, 2020
Added
Dec 23, 2024
Modified
Nov 28, 2025
Description
Data sent with contentid to /control/stream is not sanitized, allowing xss attacks in apache ofbiz 16.11.01 to 16.11.07.
Solution
apache-ofbiz-upgrade-latest
References
- CWE-79
- CVE-2020-1943
- https://attackerkb.com/topics/CVE-2020-1943
- URL-https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc%40%3Ccommits.ofbiz.apache.org%3E
- URL-https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757%40%3Cdev.ofbiz.apache.org%3E
- URL-https://lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040ba59be344d13fa%40%3Cdev.ofbiz.apache.org%3E
- URL-https://s.apache.org/pr5u8
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.