Apache · Apache Open For Business Project · CVE-2012-1621
**Name of the Vulnerable Software and Affected Versions**
Apache Open For Business Project (aka OFBiz) versions 10.04.x through 10.04.01
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The injection vectors include a parameter array in FreeMarker templates, the `contentId` or `mapKey` parameter in a CMS event request, unspecified input in an AJAX request to the `getServerError` function in `checkoutProcess.js`, and a Webslinger component request. The vulnerabilities arise from improper handling of input in error messages.
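The following is an added example, not OFBiz source code, showing the weak pattern (error text concatenated into markup as-is) beside a hardened renderer that HTML-encodes each message at output. The response field names `errorMessage` and `errorMessageList`, the function names, and the sample response are hypothetical and constructed for illustration.

```javascript
// Added example; not OFBiz source. The response field names `errorMessage`
// and `errorMessageList` are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML element or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flatten the error fields of a parsed AJAX response into plain strings.
// Entries may be strings or objects carrying a `message` property.
function extractErrors(data) {
  const out = [];
  if (data && Array.isArray(data.errorMessageList)) {
    for (const entry of data.errorMessageList) {
      if (entry == null) continue;
      out.push(String(entry.message !== undefined ? entry.message : entry));
    }
  }
  if (data && data.errorMessage != null) out.push(String(data.errorMessage));
  return out;
}

// Weak pattern: error text is trusted and concatenated into markup as-is.
function renderErrorsUnsafe(data) {
  const items = extractErrors(data).map((m) => "<li>" + m + "</li>");
  return '<ul class="errors">' + items.join("") + "</ul>";
}

// Hardened: every message is HTML-encoded at the point of output.
function renderErrorsSafe(data) {
  const items = extractErrors(data).map((m) => "<li>" + escapeHtml(m) + "</li>");
  return '<ul class="errors">' + items.join("") + "</ul>";
}

// Constructed sample: a server error that echoes request parameters verbatim.
const sampleResponse = {
  errorMessageList: [
    { message: "No content found for contentId: <script>alert(1)</script>" },
    'mapKey "a&b" is not valid',
  ],
};

console.log(renderErrorsUnsafe(sampleResponse)); // markup from the parameter survives
console.log(renderErrorsSafe(sampleResponse));   // markup is rendered inert as text
```

In a browser, assigning the message to an element's `textContent` instead of building an HTML string gives the same protection without a hand-written encoder.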
**Recommendations**
For Apache Open For Business Project (aka OFBiz) versions 10.04.x through 10.04.01, update to version 10.04.02 or later to resolve the issue.