First published: Wed Apr 01 2020(Updated: )
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache OFBiz | >=16.11.01<=16.11.07 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-1943 is medium with a CVSS score of 6.1.
CVE-2020-1943 affects Apache OFBiz versions 16.11.01 to 16.11.07.
The CWE ID for CVE-2020-1943 is 79.
To fix CVE-2020-1943, it is recommended to update Apache OFBiz to a version beyond 16.11.07.
You can find more information about CVE-2020-1943 in the references provided: [reference 1](https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2faf3a083207202bc@%3Ccommits.ofbiz.apache.org%3E), [reference 2](https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf5812deed14030a757@%3Cdev.ofbiz.apache.org%3E), [reference 3](https://lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040ba59be344d13fa@%3Cdev.ofbiz.apache.org%3E).