mailing list archives
[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability
From: Jacopo Cappellato <jacopoc () apache org>
Date: Tue, 19 Aug 2014 10:06:08 +0200
CVE-2014-0232: Apache OFBiz Cross-site scripting (XSS) vulnerability
The Apache Software Foundation
Apache OFBiz 11.04.01 to 11.04.04
Apache OFBiz 12.04.01 to 11.04.03
The unsupported Apache OFBiz 09.04.x, 10.04.x versions may be also affected
Result and error messages returned by some OFBiz services could be a vector for XSS attacks.
11.04.x users should upgrade to 11.04.05
12.04.x users should upgrade to 12.04.04
This issue was discovered by Gregory Draperi.
Description: Message signed with OpenPGP using GPGMail
- [CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability Jacopo Cappellato (Aug 19)