oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting

From: Jacques Le Roux <jleroux () apache org>
Date: Tue, 11 Nov 2025 10:13:53 +0000
Severity: important 

Affected versions:

- Apache OFBiz before 24.09.03

Description:

Reflected cross-site scripting vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.03.

Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Credit:

RedHive Team (security () hive red) https://hive.red/en/ (finder)

References:

https://issues.apache.org/jira/browse/OFBIZ-13295
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-24.09.03.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-61623
Previous By Date Next
Previous By Thread Next

Current thread: