Vulnerabilities > Apache > Ofbiz > 16.11.06

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-13923 Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04
network
low complexity
apache CWE-639
5.3
5.3
2020-04-01 CVE-2020-1943 Cross-site Scripting vulnerability in Apache Ofbiz
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.
network
low complexity
apache CWE-79
6.1
6.1
2020-02-06 CVE-2019-12426 Unspecified vulnerability in Apache Ofbiz
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06
network
low complexity
apache
5.3
5.3
2019-09-11 CVE-2019-0189 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
The java.io.ObjectInputStream is known to cause Java serialisation issues.
network
low complexity
apache CWE-502
critical
 9.8
9.8