CVE-2014-0232
Apache OFBiz 11.04.01-11.04.04 and 12.04.01-12.04.03 - Cross-Site Scripting in messages.ftl
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.
References (9)
Core References
Mailing List [mailing-list, x_refsource_mlist]: http://seclists.org/oss-sec/2014/q3/405
Patch, Vendor Advisory [x_refsource_confirm]: http://ofbiz.apache.org/download.html#vulnerabilities
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_sectrack]: http://www.securitytracker.com/id/1030739
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/95356
Patch [x_refsource_confirm]: http://svn.apache.org/viewvc?view=revision&revision=r1608698
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/60807
Exploit, Third Party Advisory [x_refsource_misc]: http://packetstormsecurity.com/files/127929/Apache-OFBiz-11.04.04-12.04.03-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry [mailing-list, x_refsource_bugtraq]: http://www.securityfocus.com/archive/1/533163/100/0/threaded
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/69286
Scores
EPSS: 0.1258
EPSS Percentile: 94.1%
Details
CWE: CWE-79
Status: published
Products (7)
apache/ofbiz 12.04.01
apache/ofbiz 12.04.02
apache/ofbiz 12.04.03
apache/ofbiz 11.04.01
apache/ofbiz 11.04.02
apache/ofbiz 11.04.03
apache/ofbiz 11.04.04
Published: Aug 22, 2014
Tracked Since: Feb 18, 2026