Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: OFBiz 17.12.03

Description: Apache OFBiz XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues.

Mitigation: Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716.

Credit: Alvaro Munoz from GitHub Security Lab team <pwntes...@github.com>

References: https://ofbiz.apache.org/security.html