CVE-2006-6587
Apache OFBiz - Stored Cross-Site Scripting in Ecommerce Forum Message Posting
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017360
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0177.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21529
Exploit x_refsource_confirm
https://issues.apache.org/jira/browse/OFBIZ-260
Exploit x_refsource_confirm
https://issues.apache.org/jira/browse/OFBIZ-178
Scores
EPSS
0.0793
EPSS Percentile
94.1%
Details
Status
published
Products (1)
apache/ofbiz
Published
Dec 15, 2006
Tracked Since
Feb 18, 2026