CVE-2025-30676
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.19.
Users are recommended to upgrade to version 18.12.19, which fixes the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache OFBiz | 0 < 18.12.19 | affected |
Weaknesses
- CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/security.html
- https://issues.apache.org/jira/browse/OFBIZ-13219
- https://lists.apache.org/thread/8d718qt8dqthnw1gmyxsq8glfdjklnjf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.