PT-2026-41848 · Apache · Apache OFBiz

Author: Emily Bishop (+1)
Published: 2026-05-19 · Updated: 2026-05-19

CVE-2026-31379
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.06
Description: Apache OFBiz contains issues involving improper neutralization of input during web page generation, improper limitation of a pathname to a restricted directory, and improper control of code generation. These flaws allow Cross-site Scripting (XSS), Path Traversal, and Code Injection within the Catalog Manager, which can lead to arbitrary file write, stored XSS, and Remote Code Execution (RCE).
Recommendations: Upgrade to version 24.09.06.

Tags: Fix · RCE · Path traversal · Code Injection · XSS

Weakness Enumeration: (not listed)
Related Identifiers: CVE-2026-31379
Affected Products: Apache OFBiz