CVSS: 6.1EPSS: 29%CPEs: 1EXPL: 0CVE-2020-1943
https://notcve.org/view.php?id=CVE-2020-1943
01 Apr 2020 — Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. Los datos enviados con contentId hacia /control/stream no son saneados, permitiendo ataques de tipo XSS en Apache OFBiz versiones 16.11.01 hasta 16.11.07. • https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc%40%3Ccommits.ofbiz.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12426
https://notcve.org/view.php?id=CVE-2019-12426
06 Feb 2020 — an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06 Un usuario no autenticado podría obtener acceso a la información de algunas pantallas del back-end invocando setSessionLocale en Apache OFBiz versiones 16.11.01 hasta 16.11.06 • https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc%40%3Ccommits.ofbiz.apache.org%3E •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2011-3600
https://notcve.org/view.php?id=CVE-2011-3600
26 Nov 2019 — The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. El endpoint /webtools/control/xmlrpc en el controlador de eventos OFBiz XML-RPC, está expuesto a External Ent... • http://mail-archives.apache.org/mod_mbox/ofbiz-user/201810.mbox/%3Cfad45546-af86-0293-9ea7-014553474b30%40apache.org%3E • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10074
https://notcve.org/view.php?id=CVE-2019-10074
11 Sep 2019 — An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533 Un RCE es posible mediante el ingreso del marcado de Freemarker en un campo te... • https://lists.apache.org/thread.html/a02aaa4c19dfd520807cf6b106b71aad0131a6543f7f60802ae71ec2%40%3Cnotifications.ofbiz.apache.org%3E • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10073
https://notcve.org/view.php?id=CVE-2019-10073
11 Sep 2019 — The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616 Las pantallas "Blog", "Forum", "Contact Us" de la aplicación de plantilla "ecommerce" incluida en Apache OFBiz son débiles a los ataques de tipo XSS almacenado. Mitigación: actualice a la versión 16.11.06 o aplique manualmente las siguientes confi... • https://lists.apache.org/thread.html/r8f01aab5dd92487c191599def3c950c643d7ad297c4db1d6722ea151%40%3Ccommits.ofbiz.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-0189
https://notcve.org/view.php?id=CVE-2019-0189
11 Sep 2019 — The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the c... • https://lists.apache.org/thread.html/7316b4fa811e1ec27604cda3c30560e7389fc6b8c91996c9640fabb8%40%3Cnotifications.ofbiz.apache.org%3E • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17200
https://notcve.org/view.php?id=CVE-2018-17200
11 Sep 2019 — The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` instance is slightly guarded by disabling the creation of `ProcessBuilder`. However, this can be easily bypassed (and in multiple ways). Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16 r1850017+1850... • https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc%40%3Ccommits.ofbiz.apache.org%3E •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2018-8033
https://notcve.org/view.php?id=CVE-2018-8033
13 Dec 2018 — In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host. En Apache OFBiz, desde la versión 16.11.01 ... • https://github.com/Cappricio-Securities/CVE-2018-8033 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-15714
https://notcve.org/view.php?id=CVE-2017-15714
04 Jan 2018 — The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute. El plugin BIRT en Apache OFBiz de la versión 16.11.01 a la 16.11.03 no escapa la propiedad de la entrada de usuario pasada. Esto permite que se inyecte código pasando ese código a través de una URL. • https://s.apache.org/UO3W • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2012-1622
https://notcve.org/view.php?id=CVE-2012-1622
26 Oct 2017 — Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. Las versiones 10.04.x de Apache OFBiz anteriores a la 10.04.02 permiten que atacantes remotos ejecuten código arbitrario mediante vectores sin especificar. • http://mail-archives.apache.org/mod_mbox/ofbiz-user/201204.mbox/%3C4F378887-E697-44E7-976C-48B9B7475C4D%40apache.org%3E •