Lilian Iatco

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 12.04.06 Apache OFBiz versions 13.07.x prior to 13.07.03 **Description** A cross-site scripting (XSS) issue exists due to insufficient validation in the DisplayEntityField.getDescription method. This allows remote attackers to inject arbitrary web script or HTML via the `description` attribute of a display-entity element. **Recommendations** For Apache OFBiz versions prior to 12.04.06, update to version 12.04.06 or later. For Apache OFBiz versions 13.07.x prior to 13.07.03, update to version 13.07.03 or later.