CVE-2016-6800

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 16.11.01

Description The Apache OFBiz framework has a blog functionality that allows different users to operate blogs related to specific parties. The form fields for creating new blog articles do not properly sanitize user input in the summary and article fields, allowing the injection of arbitrary JavaScript code. This code is executed in the browser of every user visiting the affected article.

Recommendations For versions prior to 16.11.01, upgrade to Apache OFBiz 16.11.01 to resolve the issue. As a temporary workaround, consider restricting access to the blog functionality until the upgrade is applied.