CVE-2013-0177 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05 11.04.01 and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

Reference

http://ofbiz.apache.org/download.htmlvulnerabilities http://osvdb.org/89452 http://osvdb.org/89453 http://packetstormsecurity.com/files/119673/Apache-OFBiz-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Jan/148 http://secunia.com/advisories/51812 https://exchange.xforce.ibmcloud.com/vulnerabilities/81398 https://fisheye6.atlassian.com/changelog/ofbiz?cs=1432395 https://fisheye6.atlassian.com/changelog/ofbiz?cs=1432850

Share on: