XSS in Apache Software Foundation OFBiz
CVE-2025-30676
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.
EPSS: 0.576 (99.0th percentile)
Affected products
- Apache Software Foundation OFBiz — versions 0
Weakness classification (CWE)
References
- ofbiz.apache.org/download.html (mitigation, release-notes, product)
- ofbiz.apache.org/security.html (patch)
- issues.apache.org/jira/browse/OFBIZ-13219 (issue-tracking)
- lists.apache.org/thread/8d718qt8dqthnw1gmyxsq8glfdjklnjf (vendor-advisory)