EIP-2026-104163

PRE-CVE

Apache OFBiz 16.11.05 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104163. PoCs published by DKM.

AI-analyzed exploit summary This is a technical writeup describing a stored XSS vulnerability in Apache OFBiz v16.11.05. It details the steps to reproduce the vulnerability, including the specific field ('Text Data') and section ('ViewForumMessage') where input sanitization is lacking.

Description

Apache OFBiz 16.11.05 - Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by DKM · textwebappsmultiple

https://www.exploit-db.com/exploits/45975

View Code ZIP pw:eip

This is a technical writeup describing a stored XSS vulnerability in Apache OFBiz v16.11.05. It details the steps to reproduce the vulnerability, including the specific field ('Text Data') and section ('ViewForumMessage') where input sanitization is lacking.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Apache OFBiz v16.11.05

Auth required

Prerequisites: Access to the E-Commerce application · Valid user credentials

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026