This host is running Apache OFBiz and is prone to multiple Cross-Site Scripting vulnerabilities.

Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site and attackers can steal cookie-based authentication credentials. Impact Level: Application

Upgrade to the latest version of Apache OFBiz, For updates refer to http://ofbiz.apache.org/download.html

The flaws are caused by improper validation of user-supplied input via, (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile, (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn, (5) the contentId parameter to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.

Apache OFBiz 9.04 SVN Revision 920371 and prior,

• http://seclists.org/bugtraq/2010/Apr/139
• http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php
• http://www.securityfocus.com/archive/1/510746

---

Updated on 2015-03-25