PT-2022-17248 · Apache · Apache Ofbiz
Aleksey Solovev
Published 2022-09-02 · Updated 2022-09-07
CVE-2022-25370
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache OFBiz versions prior to 18.12.05
Description
The issue allows an unauthenticated malicious user to perform a stored XSS attack: a malicious script payload is injected, stored by the application, and later executed when the affected content is rendered in a user's browser. The flaw lies in the Birt plugin that Apache OFBiz uses for data visualization and reporting.
Recommendations
For Apache OFBiz versions prior to 18.12.05, update to 18.12.05 or a later release that includes the fix for the Birt plugin vulnerability to prevent stored XSS attacks.
Fix
XSS
Affected Products
Apache Ofbiz