Full Disclosure mailing list archives
[CVE-2013-0177] Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz
From: Jacopo Cappellato <jacopoc () apache org>
Date: Fri, 18 Jan 2013 18:09:32 +0100
CVE-2013-0177: Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache OFBiz 11.04.01
Apache OFBiz 10.04.04 and earlier releases in the series (10.04.*)
The unsupported Apache OFBiz 09.04.* versions may be also affected

Description:
Reflected Cross-Site Scripting Vulnerability affecting Screenlet.title and Image.alt Widget attributes because the content of these two elements was not properly escaped.

Mitigation:
10.04.* users should upgrade to 10.04.05
11.04.01 users should upgrade to 11.04.02

Credit:
This issue was discovered by Marcos Garcia (@artsweb)/ Juan Caillava (@jcaillava)

References:
http://ofbiz.apache.org/download.html#vulnerabilities