CVE-2015-3268

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 12.04.06 Apache OFBiz versions 13.07.x prior to 13.07.03

Description A cross-site scripting (XSS) issue exists due to insufficient validation in the DisplayEntityField.getDescription method. This allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.

Recommendations For Apache OFBiz versions prior to 12.04.06, update to version 12.04.06 or later. For Apache OFBiz versions 13.07.x prior to 13.07.03, update to version 13.07.03 or later.