Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Publish Date: 21 July 2015
Severity: Medium
CVE Identifiers: CVE-2010-0432
Advisory Date: 21 July 2015
DESCRIPTION
Apache OFBiz (Open For Business) is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
AFFECTED SOFTWARE AND VERSION:
- apache open_for_business_project 09.04