
Emily Bishop

#43917 of 53,632
6.1 Total CVSS
Vulnerabilities · 1
PT-2026-41848
6.1
2026-05-19
Apache · Apache Ofbiz · CVE-2026-31379
**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions prior to 24.09.06

**Description**
Apache OFBiz contains issues involving improper neutralization of input during web page generation, improper limitation of a pathname to a restricted directory, and improper control of generation of code. These flaws allow for Cross-site Scripting (XSS), Path Traversal, and Code Injection, specifically within the Catalog Manager, which can lead to arbitrary file write, stored XSS, and Remote Code Execution (RCE).

**Recommendations**
Upgrade to version 24.09.06.