Vulnerability
Description
Apache OFBiz is a framework that includes accounting, order processing, and other business activities as well as a common data model.
Data received with contentId to /control/stream is not sanitised, making Apache OFBiz 16.11.01 through 16.11.07 vulnerable to Reflected cross-site scripting. Because it allows attackers to inject arbitrary JavaScript code into the website, it is a potential threat.
Recommendations
- Update Apache OFBiz to the latest version
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
