Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Publish date: 21 July 2015
Severity: Medium
CVE identifier(s): CVE-2010-0432
Report date: 21 July 2015
Description
Apache OFBiz (Open For Business) is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Information Exposure
Apply associated Trend Micro DPI Rules.
Solution
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Affected software and version:
- apache open_for_business_project 09.04