Vulnerabilities > Apache > Ofbiz > 13.07
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-15 | CVE-2020-13923 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |
| 2017-08-30 | CVE-2016-6800 | Cross-site Scripting vulnerability in Apache Ofbiz The default configuration of the Apache OFBiz framework offers a blog functionality. | 6.1 |
| 2017-08-30 | CVE-2016-4462 | Improper Input Validation vulnerability in Apache Ofbiz By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. | 8.8 |
| 2016-04-12 | CVE-2016-2170 | Improper Input Validation vulnerability in Apache Ofbiz Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |