PT-2025-14118 · Apache · Apache OFBiz

Khaled Nassar · Published 2025-04-01 · Updated 2025-04-29 · CVE-2025-30676

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache OFBiz versions prior to 18.12.19

Description

The issue is related to Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS. This is a type of security vulnerability that occurs when an application fails to properly neutralize script-related HTML tags, allowing an attacker to inject malicious scripts into a web page.

Recommendations

For Apache OFBiz versions prior to 18.12.19, upgrade to version 18.12.19 to fix the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-06621
CVE-2025-30676

Affected Products

Apache OFBiz