XSS Vulnerability in Apache OFBiz Affects Web Applications
CVE-2025-30676

6.1MEDIUM

Key Information:

Vendor

Apache
Status
Apache Ofbiz
Vendor
CVE Published:
1 April 2025

What is CVE-2025-30676?

An improper neutralization of script-related HTML tags vulnerability exists in Apache OFBiz, affecting versions prior to 18.12.19. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data exposure. It is crucial for users to upgrade to version 18.12.19 or later to mitigate this risk and ensure the security of their applications.

Affected Version(s)

Apache OFBiz 0 < 18.12.19

References

https://ofbiz.apache.org/download.html
mitigationrelease-notesproduct
https://ofbiz.apache.org/security.html
patch
https://issues.apache.org/jira/browse/OFBIZ-13219
issue-tracking

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Khaled Nassar (@mindpatch)
.