Apache OFBiz XSS (CVE-2026-31906) before 24.09.06
CVE-2026-31906 Published on May 19, 2026

Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.


Weakness Type

What is an XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-31906 has been classified as an XSS vulnerability or weakness.


Products Associated with CVE-2026-31906


Affected Versions

Apache Software Foundation Apache OFBiz: