CVE-2025-30676

Apache OFBiz: Stored XSS Vulnerability

CVSS 6.1 MEDIUMEPSS 59.5%CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Productos afectados

Apache Software Foundation · Apache OFBiz

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://issues.apache.org/jira/browse/OFBIZ-13219 https://lists.apache.org/thread/8d718qt8dqthnw1gmyxsq8glfdjklnjf https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html http://www.openwall.com/lists/oss-security/2025/04/01/5