Apache OFBiz Reflected XSS

Sooraj V Nair
Published on
10 Jan 2022


Apache OFBiz is a framework that includes accounting, order processing, and other business activities as well as a common data model.

Data received with contentId to /control/stream is not sanitised, making Apache OFBiz 16.11.01 through 16.11.07 vulnerable to Reflected cross-site scripting. Because it allows attackers to inject arbitrary JavaScript code into the website, it is a potential threat.


  • Update Apache OFBiz to the latest version
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment