Cross-site scripting in OFBiz - CVE-2020-9496
Published: July 15, 2020 / Updated: June 27, 2023
Vulnerability identifier: #VU34153
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:A/U:Clear
CVE-ID: CVE-2020-9496
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Apache Foundation
Affected software:
OFBiz
OFBiz
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
How to mitigate CVE-2020-9496
Install update from vendor's website.