Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-04-12T14:00:00

Updated: 2024-08-06T05:39:32.040Z

Reserved: 2015-04-10T00:00:00

Link: CVE-2015-3268

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-04-12T14:59:00.130

Modified: 2024-11-21T02:29:02.360

Link: CVE-2015-3268

cve-icon Redhat

No data.