CVE-2016-6800
Published: Aug 30, 2017
Modified: Sep 16, 2024
Description
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache OFBiz | affected 13.07.*affected 12.04.*affected 11.04.* |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now