Marco Risaliti

#19425of 53,633
13.6Total CVSS
Vulnerabilities · 2
Medium
2
PT-2006-7189
6.8
2006-12-15
Apache · Apache Open For Business Project · CVE-2006-6587
**Name of the Vulnerable Software and Affected Versions** Apache Open For Business Project (OFBiz) (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists in the forum implementation of the ecommerce component, allowing remote attackers to inject arbitrary web script or HTML by posting a message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-7191
6.8
2006-12-15
Opentaps · Opentaps · CVE-2006-6589
**Name of the Vulnerable Software and Affected Versions** Apache Open For Business Project (OFBiz) (affected versions not specified) Opentaps version 0.9.3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `SEARCH STRING` parameter in the ecommerce/control/keywordsearch endpoint. **Recommendations** For Opentaps version 0.9.3, avoid using the `SEARCH STRING` parameter in the ecommerce/control/keywordsearch endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.