CVE-2010-0432
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz - Remote Execution (via SQL Execution)
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | ofbiz | {"endIncluding":"09.04"} | |
References
- http://svn.apache.org/viewvc?view=revision&revision=920369
- http://svn.apache.org/viewvc?view=revision&revision=920370
- http://svn.apache.org/viewvc?view=revision&revision=920371
- http://svn.apache.org/viewvc?view=revision&revision=920372
- http://svn.apache.org/viewvc?view=revision&revision=920379
- http://svn.apache.org/viewvc?view=revision&revision=920380
- http://svn.apache.org/viewvc?view=revision&revision=920381
- http://svn.apache.org/viewvc?view=revision&revision=920382
- http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php
- http://www.securityfocus.com/bid/39489
- http://svn.apache.org/viewvc?view=revision&revision=920369
- http://svn.apache.org/viewvc?view=revision&revision=920370
- http://svn.apache.org/viewvc?view=revision&revision=920371
- http://svn.apache.org/viewvc?view=revision&revision=920372
- http://svn.apache.org/viewvc?view=revision&revision=920379
- http://svn.apache.org/viewvc?view=revision&revision=920380
- http://svn.apache.org/viewvc?view=revision&revision=920381
- http://svn.apache.org/viewvc?view=revision&revision=920382
- http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php
- http://www.securityfocus.com/bid/39489
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.