Vulnerability CVE-2014-0232

Vulnerability CVE-2014-0232

Published: 2014-08-22

Description:

	Topic	Author	Date
Low	Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting	Gregory Draperi	20.08.2014

Type:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Affected software
Apache -> Ofbiz

http://ofbiz.apache.org/download.html#vulnerabilities

http://packetstormsecurity.com/files/127929/Apache-OFBiz-11.04.04-12.04.03-Cross-Site-Scripting.html

http://seclists.org/oss-sec/2014/q3/405

http://svn.apache.org/viewvc?view=revision&revision=r1608698

http://www.securityfocus.com/archive/1/533163/100/0/threaded

http://www.securityfocus.com/bid/69286

http://www.securitytracker.com/id/1030739

https://exchange.xforce.ibmcloud.com/vulnerabilities/95356