CVE-2025-30676

Summary

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.19.

Users are recommended to upgrade to version 18.12.19, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache OFBiz0 < 18.12.19affected

Weaknesses

  • CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References