CVE-2006-6587: XSS
First published: Fri Dec 15 2006(Updated: )
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OFBiz |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-6587?
CVE-2006-6587 is considered a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How does CVE-2006-6587 affect Apache OFBiz?
CVE-2006-6587 affects the forum implementation in the ecommerce component of Apache OFBiz, allowing attackers to inject arbitrary web scripts or HTML.
How can I mitigate CVE-2006-6587?
Mitigation of CVE-2006-6587 involves validating and sanitizing user inputs in the forum implementation to prevent XSS attacks.
Is there a patch available for CVE-2006-6587?
Yes, patches or upgrades may be available from Apache that address the CVE-2006-6587 vulnerability.
What should I do if I am using an affected version of Apache OFBiz regarding CVE-2006-6587?
If using an affected version of Apache OFBiz, you should update to the latest version or apply the recommended security patches to protect against CVE-2006-6587.
- collector/nvd-historical
- vendor/apache
- product/ofbiz
- canonical/apache ofbiz
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness