
Apache OFBiz Multiple XSS Vulnerabilities CVE-2010-0432

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Apache OFBiz is prone to multiple cross-site scripting (XSS) vulnerabilities.

Risk description

The flaws are caused by improper validation of user-supplied input via:

- the productStoreId parameter to control/exportProductListing
- the partyId parameter to partymgr/control/viewprofile
- the start parameter to myportal/control/showPortalPage
- an invalid URI beginning with /facility/control/ReceiveReturn
- the contentId parameter to ecommerce/control/ViewBlogArticle
- the entityName parameter to webtools/control/FindGeneric
- the subject or content parameter to an unspecified component under ecommerce/control/contactus

A successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site, and attackers can steal cookie-based authentication credentials.

Recommendation

Update to the latest version of Apache OFBiz.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 15, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available