Vulnerability Description
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Ofbiz | >= 16.11.01, <= 16.11.07 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2fa
- https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf581
- https://lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040
- https://s.apache.org/pr5u8Vendor Advisory
- https://lists.apache.org/thread.html/r034123f2767830169fd04c922afb22d2389de6e2fa
- https://lists.apache.org/thread.html/r8efd5b62604d849ae2f93b2eb9ce0ce0356a4cf581
- https://lists.apache.org/thread.html/ra6c011af63d8a8cd8c0b8f72b2b0c392af4d5ed040
- https://s.apache.org/pr5u8Vendor Advisory
FAQ
What is CVE-2020-1943?
CVE-2020-1943 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
How severe is CVE-2020-1943?
CVE-2020-1943 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1943?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Ofbiz.