Marco Risaliti

Rank #19369 of 53,635
13.6 total CVSS
Vulnerabilities · 2
Medium: 2
PT-2006-7189
6.8
2006-12-15
Apache · Apache Open For Business Project · CVE-2006-6587
**Name of the Vulnerable Software and Affected Versions**
Apache Open For Business Project (OFBiz) (affected versions not specified)

**Description**
A cross-site scripting (XSS) issue exists in the forum implementation of the ecommerce component, allowing remote attackers to inject arbitrary web script or HTML by posting a message.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2006-7191
6.8
2006-12-15
Opentaps · Opentaps · CVE-2006-6589
**Name of the Vulnerable Software and Affected Versions**
Apache Open For Business Project (OFBiz) (affected versions not specified)
Opentaps version 0.9.3

**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `SEARCH STRING` parameter in the ecommerce/control/keywordsearch endpoint.

**Recommendations**
For Opentaps version 0.9.3, avoid using the `SEARCH STRING` parameter in the ecommerce/control/keywordsearch endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.