CVE-2013-2137 - Apache OFBiz XSS vulnerability in the View Log screen of the
Webtools application
Vendor:
The Apache Software Foundation
Versions Affected:
Apache OFBiz 10.04.01 to 10.04.05
Apache OFBiz 11.04.01 to 11.04.02
Apache OFBiz 12.04.01
Description:
XSS vulnerability in the View Log
CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users
to execute arbitrary UEL functions in OFBiz
Vendor:
The Apache Software Foundation
Versions Affected:
Apache OFBiz 10.04.01 to 10.04.05
Apache OFBiz 11.04.01 to 11.04.02
Apache OFBiz 12.04.01
Description:
Parameter
CVE-2013-0177: Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache OFBiz 11.04.01
Apache OFBiz 10.04.04 and earlier releases in the series (10.04.*)
The unsupported Apache OFBiz 09.04.* versions may be
The Apache OFBiz community is pleased to announce the new release Apache OFBiz
10.04.03.
Apache OFBiz is an open source enterprise automation software project (ERP,
CRM, E-Business / E-Commerce, MRP, SCM, CMMS/EAM...):
http://ofbiz.apache.org/
Apache OFBiz 10.04.03 is a bug fix release for
==
Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code
via unspecified vectors
==Mitigation==
10.04 users should upgrade to 10.04.02
==Credit==
This issue was discovered by Jacopo Cappellato, Apache OFBiz project
CVE-2012-1621: Apache OFBiz information disclosure vulnerability
Severity: Important
Vendor:
The Apache Software Foundation - Apache OFBiz
==Versions Affected==
Apache OFBiz 10.04 (also known as 10.04.01)
==Description==
Multiple XSS:
XSS 1:
Error messages containing user