QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1621

Published: Jun 19, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability

mailing-list

x_refsource_BUGTRAQ

[www-announce] 20120415 Apache OFBiz 10.04.02 released

mailing-list

x_refsource_MLIST

http://ofbiz.apache.org/download.html#vulnerabilities

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_OSVDB

20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability

mailing-list

x_refsource_FULLDISC

apache-ofbiz-multiple-xss(74870)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

[ofbiz-dev] 20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.