What is CVE-2015-3268?

CVE-2015-3268 is a medium-severity vulnerability in Apache Ofbiz, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-04-12.

How severe is CVE-2015-3268?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Apache Ofbiz

CVE-2015-3268

Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.053 (90.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Apache Ofbiz — versions 12.04.01, 12.04.02, 12.04.03
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
1035514 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)
20160408 CVE-2015-3268: Apache OFBiz information disclosure vulnerability (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2015-3268?: CVE-2015-3268 is a medium-severity vulnerability in Apache Ofbiz, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-04-12.
How severe is CVE-2015-3268?: Medium severity. CVSS v3 base score is 6.1 out of 10.