CVE-2025-61623

Опубликовано: 12 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Reflected cross-site scripting vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.03.

Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Ссылки

https://issues.apache.org/jira/browse/OFBIZ-13295
Issue Tracking
https://lists.apache.org/thread/sb2mngrg766qbqt5g29fo0qblk3v4x5y
Mailing List
Vendor Advisory
https://ofbiz.apache.org/download.html
Product
https://ofbiz.apache.org/release-notes-24.09.03.html
Release Notes
https://ofbiz.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/11/11/2
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

Версия до 24.09.03 (исключая)

EPSS

Процентиль: 33%

0.00134

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vw27-7cgv-4xfw