Apache Software Foundation OFBiz 18.12.15

CPE Details

Apache Software Foundation OFBiz 18.12.15
apache
ofbiz
18.12.15
2024-08-05
15h02 +00:00
2024-08-05
15h02 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:ofbiz:18.12.15:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

ofbiz

Version

18.12.15

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-30676 2025-04-01 14h43 +00:00 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.
6.1
Moyen
CVE-2024-48962 2024-11-18 08h41 +00:00 Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.
8.9
Haute
CVE-2024-45195 2024-09-04 08h08 +00:00 Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
9.8
Critique
CVE-2024-45507 2024-09-04 08h08 +00:00 Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
9.8
Critique
CVE-2006-6588 2006-12-15 19h00 +00:00 The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
7.5
CVE-2006-6587 2006-12-15 18h00 +00:00 Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
6.8
CVE-2006-6589 2006-12-15 18h00 +00:00 Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
6.8
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.