Apache OFBiz Multiple Cross Site Scripting Vulnerabilities

This host is running Apache OFBiz and is prone to multiple Cross-Site Scripting vulnerabilities.
Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site and attackers can steal cookie-based authentication credentials. Impact Level: Application
Upgrade to the latest version of Apache OFBiz, For updates refer to http://ofbiz.apache.org/download.html
The flaws are caused by improper validation of user-supplied input via, (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile, (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn, (5) the contentId parameter to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
Apache OFBiz 9.04 SVN Revision 920371 and prior,