Summary
This host is running Apache OFBiz and is affected by multiple cross-site scripting (XSS) vulnerabilities.
Impact
A successful attack could lead to execution of arbitrary HTML and script code in the browser of a user of the affected site, allowing an attacker to steal cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade to the latest version of Apache OFBiz.
For updates refer to http://ofbiz.apache.org/download.html
Insight
The flaws are caused by improper validation of user-supplied input passed via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile, (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn, (5) the contentId parameter to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
Affected
Apache OFBiz 9.04 SVN Revision 920371 and prior.
References
CVE: CVE-2010-0432
Severity
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N