Back to search
CVE-2022-25370
Published: Sep 2, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache OFBiz | affected Apache OFBiz - <= 18.12.05 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh
x_refsource_MISC
[oss-security] 20220902 Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)
mailing-list
x_refsource_MLIST
[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now