Apache Software Foundation OFBiz 18.12.17

CPE Details

Apache Software Foundation OFBiz 18.12.17
apache
ofbiz
18.12.17
2025-02-11
11h47 +00:00
2025-02-11
11h47 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:ofbiz:18.12.17:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

ofbiz

Version

18.12.17

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-30676 2025-04-01 14h43 +00:00 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.
6.1
Medium
CVE-2006-6588 2006-12-15 19h00 +00:00 The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
7.5
CVE-2006-6587 2006-12-15 18h00 +00:00 Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
6.8
CVE-2006-6589 2006-12-15 18h00 +00:00 Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
6.8
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.