ID de Prueba:	1.3.6.1.4.1.25623.1.0.901105
Categoría:	Web application abuses
Título:	Apache OFBiz Multiple XSS Vulnerabilities (CVE-2010-0432)
Resumen:	Apache OFBiz is prone to multiple cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: Apache OFBiz is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input via: - the productStoreId parameter to control/exportProductListing - the partyId parameter to partymgr/control/viewprofile - the start parameter to myportal/control/showPortalPage - an invalid URI beginning with /facility/control/ReceiveReturn - the contentId parameter to ecommerce/control/ViewBlogArticle - the entityName parameter to webtools/control/FindGeneric - subject or content parameter to an unspecified component under ecommerce/control/contactus. Vulnerability Impact: Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site and attackers can steal cookie-based authentication credentials. Affected Software/OS: Apache OFBiz 9.04 SVN Revision 920371 and prior. Solution: Update to the latest version of Apache OFBiz. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0432 BugTraq ID: 39489 http://www.securityfocus.com/bid/39489 http://www.bonsai-sec.com/en/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.