CVE-2013-0177: Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz Severity: Important
Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 11.04.01 Apache OFBiz 10.04.04 and earlier releases in the series (10.04.*) The unsupported Apache OFBiz 09.04.* versions may be also affected Description: Reflected Cross-Site Scripting Vulnerability affecting Screenlet.title and Image.alt Widget attributes because the content of these two elements was not properly escaped. Mitigation: 10.04.* users should upgrade to 10.04.05 11.04.01 users should upgrade to 11.04.02 Credit: This issue was discovered by Marcos Garcia (@artsweb)/ Juan Caillava (@jcaillava) References: http://ofbiz.apache.org/download.html#vulnerabilities
