QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0177

Published: Jan 30, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

http://ofbiz.apache.org/download.html#vulnerabilities

x_refsource_CONFIRM

20130118 [CVE-2013-0177] Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_OSVDB

http://packetstormsecurity.com/files/119673/Apache-OFBiz-Cross-Site-Scripting.html

x_refsource_MISC

https://fisheye6.atlassian.com/changelog/ofbiz?cs=1432395

x_refsource_CONFIRM

apache-ofbiz-xss(81398)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

https://fisheye6.atlassian.com/changelog/ofbiz?cs=1432850

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.