
Nikita Podotykin

#17643 of 53,635
Total CVSS: 15.2
Vulnerabilities: 2 (Medium: 1, Critical: 1)

PT-2022-17248 · CVSS 5.4 · 2022-09-02
Apache · Apache OFBiz · CVE-2022-25370

**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions prior to 18.12.05

**Description**
The issue allows an unauthenticated malicious user to perform a stored XSS attack, enabling the injection of a malicious payload that can be executed. This is made possible by leveraging a vulnerability in the Birt plugin used by Apache OFBiz for data visualizations and reports.

**Recommendations**
For Apache OFBiz versions prior to 18.12.05, update to a version that includes the fix for the Birt plugin vulnerability to prevent stored XSS attacks.

PT-2022-17249 · CVSS 9.8 · 2022-09-02
Apache · Apache OFBiz · CVE-2022-25371

**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions 18.12.05 and earlier

**Description**
The issue allows for a remote code execution (RCE) attack by leveraging a bug in the Birt project plugin used for data visualizations and reports.

**Recommendations**
For Apache OFBiz versions 18.12.05 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.