The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2017-08-30T17:00:00Z
Updated: 2024-09-16T16:34:06.607Z
Reserved: 2016-08-12T00:00:00
Link: CVE-2016-6800
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-08-30T17:29:00.247
Modified: 2024-11-21T02:56:51.163
Link: CVE-2016-6800
Redhat
No data.