Date: Tue, 19 Aug 2014 10:06:08 +0200
From: Jacopo Cappellato <>
To: " ML" <>,,
 security Team <>,,,
 gregory draperi <>
Subject: [CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability

CVE-2014-0232: Apache OFBiz Cross-site scripting (XSS) vulnerability

Severity: Important

The Apache Software Foundation

Versions Affected:
Apache OFBiz 11.04.01 to 11.04.04
Apache OFBiz 12.04.01 to 11.04.03
The unsupported Apache OFBiz 09.04.x and 10.04.x versions may also be affected

Result and error messages returned by some OFBiz services could be a vector for XSS attacks.

11.04.x users should upgrade to 11.04.05
12.04.x users should upgrade to 12.04.04

This issue was discovered by Gregory Draperi.

