Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-09-02T07:10:16
Updated: 2024-08-03T04:36:06.924Z
Reserved: 2022-02-20T00:00:00
Link: CVE-2022-25370
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-02T07:15:07.320
Modified: 2024-11-21T06:52:05.577
Link: CVE-2022-25370
Redhat
No data.