XSS in Apache Ofbiz
CVE-2016-6800
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.013 (80.0th percentile).
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Apache Ofbiz — versions 11.04, 11.04.01, 11.04.02
- Apache Software Foundation Ofbiz — versions 12.04.*, 13.07.*, 11.04.*
Weakness classification (CWE)
References
- security@apache.org mailing list (vendor advisory, mitigation)
- security@apache.org mailing list
Frequently asked questions
- What is CVE-2016-6800?
- CVE-2016-6800 is a medium-severity vulnerability in Apache Ofbiz, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2017-08-30.
- How severe is CVE-2016-6800?
- Medium severity. CVSS v3 base score is 6.1 out of 10.