Apache OFBiz 18.12.05 Birt Plugin Stored XSS Vulnerability
CVE-2022-25370 Published on September 2, 2022
Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-25370 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2022-25370
Want to know whenever a new CVE is published for Apache OFBiz? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache OFBiz:- Version Apache OFBiz, <= 18.12.05 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.