List: oss-security
Subject: [oss-security] [CVE-2020-1943] Apache OFBiz XSS Vulnerability
From: Jacopo Cappellato <jacopoc () apache ! org>
Date: 2020-03-06 9:08:05
Message-ID: CAEvdU_3tU3NncO5CQ80BAo1LuyVBibaYMUmmhJY+gCrvDStxhQ () mail ! gmail ! com
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 16.11.01 to 16.11.07
Description:
Data sent in the "contentId" parameter to "/control/stream" is not sanitized,
allowing XSS attacks.
Mitigation:
Upgrade to 17.12.01 or manually apply the commits at OFBIZ-10753
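The advisory describes the general pattern of a request parameter reaching an HTML response without sanitization. The following is an added illustration, not OFBiz code and not the fix referenced at OFBIZ-10753: a hypothetical handler that reflects the parameter verbatim next to one that entity-encodes it for the HTML context, plus a small access-log check that flags "contentId" values carrying HTML metacharacters on the "/control/stream" path named in the advisory. The endpoint and parameter names come from the advisory; the handler functions, the log format and the log lines are constructed for the example.

```python
"""Added example (not OFBiz code): reflecting a request parameter unsafely
versus with HTML entity encoding, plus a log-review helper that flags
"contentId" values on "/control/stream" containing HTML metacharacters.
Endpoint and parameter names are taken from the advisory; the handlers are
hypothetical stand-ins, not the real OFBiz request handler."""
import html
from urllib.parse import parse_qs, urlsplit


def render_vulnerable(content_id: str) -> str:
    # Reflects the parameter into the HTML body verbatim: the pattern the
    # advisory describes (no sanitization of "contentId").
    return f"<p>Content not found: {content_id}</p>"


def render_hardened(content_id: str) -> str:
    # Entity-encode for the HTML text/attribute context before reflecting.
    # html.escape encodes & < > and, with quote=True, " and ' as well.
    return f"<p>Content not found: {html.escape(content_id, quote=True)}</p>"


def contains_html_metacharacters(value: str) -> bool:
    # Cheap screening check usable in a WAF rule or access-log review: does
    # the parameter carry characters that are significant in HTML?
    return any(ch in value for ch in '<>"\'&')


def suspicious_stream_requests(log_lines):
    """Return (line_no, contentId value) for requests to /control/stream whose
    contentId parameter contains HTML metacharacters.  Expects Common Log
    Format lines, in which the 7th whitespace-separated token is the request
    target (path plus query string)."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        parts = line.split()
        if len(parts) < 7:
            continue  # not a CLF line; skip rather than guess
        target = urlsplit(parts[6])
        if not target.path.endswith("/control/stream"):
            continue
        # parse_qs percent-decodes, so encoded '<' and '>' are seen as such
        for value in parse_qs(target.query).get("contentId", []):
            if contains_html_metacharacters(value):
                hits.append((n, value))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Mar/2020:09:08:05 +0000] "GET /control/stream?contentId=10010 HTTP/1.1" 200 512',
    '10.0.0.9 - - [06/Mar/2020:09:08:07 +0000] "GET /control/stream?contentId=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 321',
    '10.0.0.9 - - [06/Mar/2020:09:08:09 +0000] "GET /control/main?contentId=%3Cb%3Ex HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    sample = '<b>"x"</b>'
    print("vulnerable:", render_vulnerable(sample))
    print("hardened:  ", render_hardened(sample))
    for line_no, value in suspicious_stream_requests(SAMPLE_LOG):
        print(f"flagged line {line_no}: contentId={value!r}")
```

The hardened handler encodes for the HTML text context only; a value inserted into a JavaScript block, a URL or a CSS property needs the encoder for that context instead. The log check is a screening aid for incident review, not a substitute for upgrading to 17.12.01.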
----
Credit:
Timon Funck <timon.funck@syss.de>
References:
http://ofbiz.apache.org/download.html#vulnerabilities