Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-0177

Опубликовано: 30 янв. 2014
Источник: nvd
CVSS2: 3.5
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:ofbiz:09.04:*:*:*:*:*:*:*
cpe:2.3:a:apache:ofbiz:09.04.01:*:*:*:*:*:*:*
cpe:2.3:a:apache:ofbiz:10.04:*:*:*:*:*:*:*
cpe:2.3:a:apache:ofbiz:10.04.01:*:*:*:*:*:*:*
cpe:2.3:a:apache:ofbiz:10.04.02:*:*:*:*:*:*:*
cpe:2.3:a:apache:ofbiz:10.04.03:*:*:*:*:*:*:*
cpe:2.3:a:apache:ofbiz:10.04.04:*:*:*:*:*:*:*
cpe:2.3:a:apache:ofbiz:11.04.01:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.02354
Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-w9c3-p3j8-wq65

github
почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.

EPSS

Процентиль: 84%
0.02354
Низкий

3.5 Low

CVSS2

Дефекты

CWE-79