Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-09-02T07:10:16

Updated: 2024-08-03T04:36:06.924Z

Reserved: 2022-02-20T00:00:00

Link: CVE-2022-25370

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-02T07:15:07.320

Modified: 2024-11-21T06:52:05.577

Link: CVE-2022-25370

cve-icon Redhat

No data.