Date: Fri, 8 Apr 2016 21:57:35 +0200
From: "" <>
Subject: CVE-2015-3268: Apache OFBiz information disclosure vulnerability

CVE-2015-3268: Apache OFBiz information disclosure vulnerability

Severity: Moderate

The Apache Software Foundation

Versions Affected:
Apache OFBiz 13.07.02 and 13.07.01
Apache OFBiz 12.04.05 and earlier releases in the series (12.04.*)
The unsupported 11.04.*, 10.04.* and 09.04 releases are also affected (Lilian Iatco reported he tried with r691692, which is early March 2008)

Stored cross-site scripting vulnerability affecting the description attribute of the display-entity element, because it was not escaped.

13.07.* users should upgrade to 13.07.03
12.04.05 users should upgrade to 12.04.06
You can find more information at

This issue was discovered by Lilian Iatco and reported at



