
Apache OFBiz Multiple XSS Vulnerabilities CVE-2010-0432

CVSSv3 Score: Not available
Vulnerability description

Apache OFBiz is prone to multiple cross-site scripting (XSS) vulnerabilities.

Risk description

The flaws are caused by improper validation of user-supplied input via:

- the productStoreId parameter to control/exportProductListing
- the partyId parameter to partymgr/control/viewprofile
- the start parameter to myportal/control/showPortalPage
- an invalid URI beginning with /facility/control/ReceiveReturn
- the contentId parameter to ecommerce/control/ViewBlogArticle
- the entityName parameter to webtools/control/FindGeneric
- the subject or content parameter to an unspecified component under ecommerce/control/contactus

A successful attack could lead to the execution of arbitrary HTML and script code in the context of an affected site, allowing attackers to steal cookie-based authentication credentials.


Update to the latest version of Apache OFBiz.

Detectable with: Network Scanner
Scan engine
Exploitable with Sniper
CVE Published: Apr 15, 2010
Detection added at
Software Type