CVE-2012-1621

Name of the Vulnerable Software and Affected Versions Apache Open For Business Project (aka OFBiz) versions 10.04.x through 10.04.01

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various means, including a parameter array in freemarker templates, the contentId or mapKey parameter in a cms event request, unspecified input in an ajax request to the getServerError function in checkoutProcess.js, or a Webslinger component request. The vulnerabilities arise from improper handling of input in error messages.

Recommendations For Apache Open For Business Project (aka OFBiz) versions 10.04.x through 10.04.01, update to version 10.04.02 or later to resolve the issue.