CVE-2020-1943

Summary

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

Affected Software

VendorProductVersion RangeStatus
ApacheApache OFBiz16.11.01 to 16.11.07affected

Weaknesses

  • XSS Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References