CVE-2014-0232

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions 11.04.01 through 11.04.04 Apache OFBiz versions 12.04.01 through 12.04.03

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This is due to multiple cross-site scripting (XSS) vulnerabilities in the framework/common/webcommon/includes/messages.ftl file. The vulnerabilities are not properly handled in a result or error message.

Recommendations For Apache OFBiz versions 11.04.01 through 11.04.04, update to version 11.04.05 or later. For Apache OFBiz versions 12.04.01 through 12.04.03, update to version 12.04.04 or later.