CVE-2025-30676 Information

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.19.

Users are recommended to upgrade to version 18.12.19 which fixes the issue.

Reference

http://www.openwall.com/lists/oss-security/2025/04/01/5 https://issues.apache.org/jira/browse/OFBIZ-13219 https://lists.apache.org/thread/8d718qt8dqthnw1gmyxsq8glfdjklnjf https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html