Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Open For Business Project 跨站脚本漏洞
Vulnerability Description
Apache Open For Business Project(也称OFBiz)是美国阿帕奇(Apache)软件基金会的一套企业资源计划(ERP)系统。该系统提供了一整套基于Java的Web应用程序组件和工具。 Apache Open For Business Project 10.04.02之前的10.04.x版本中存在跨站脚本漏洞,该漏洞源于checkoutProcess.js脚本中的‘getServerError()’函数没有充分过滤用户提交的输入;freemarker模板没有充分过滤参数数组;c
CVSS Information
N/A
Vulnerability Type
N/A