CVE-2013-0177

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

🔗 References (18)

secalert@redhathttp://ofbiz.apache.org/download.html#vulnerabilities
secalert@redhathttp://osvdb.org/89452
secalert@redhathttp://osvdb.org/89453
secalert@redhathttp://packetstormsecurity.com/files/119673/Apache-OFBiz-Cross-Site-Scripting.html
secalert@redhathttp://seclists.org/fulldisclosure/2013/Jan/148
secalert@redhathttp://secunia.com/advisories/51812
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/81398
secalert@redhathttps://fisheye6.atlassian.com/changelog/ofbiz?cs=1432395
secalert@redhathttps://fisheye6.atlassian.com/changelog/ofbiz?cs=1432850
af854a3a-2127-422b-91ae-364da2661108http://ofbiz.apache.org/download.html#vulnerabilities
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/89452
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/89453
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/119673/Apache-OFBiz-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2013/Jan/148
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51812

Is Your Infrastructure Affected by CVE-2013-0177?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-0177

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-0177?