Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1943

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

Published

2020-04-01T19:15:14.563

Last Modified

2024-11-21T05:11:40.287

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	ofbiz	≤ 16.11.07	Yes

References

https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc%40%3Ccommits.ofbiz.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757%40%3Cdev.ofbiz.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040ba59be344d13fa%40%3Cdev.ofbiz.apache.org%3E ([email protected])
https://s.apache.org/pr5u8 Vendor Advisory ([email protected])
https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc%40%3Ccommits.ofbiz.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757%40%3Cdev.ofbiz.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040ba59be344d13fa%40%3Cdev.ofbiz.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://s.apache.org/pr5u8 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)