Home > Vulnerability Database > CVE-2017-15714

Mend.io Vulnerability Database

CVE-2017-15714

Good to know:

Date: January 4, 2018

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute.

Language: JSP

Severity Score

4.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-15714

Url: https://s.apache.org/UO3W

Url: https://www.mend.io/vulnerability-database/CVE-2017-15714

Severity Score

4.3

Weakness Type (CWE)

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version 16.11.04

Learn More

CVSS v3

Base Score:	4.3
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL

CVSS v2

Base Score:	5.5
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-15714

Good to know:

Date: January 4, 2018

Language: JSP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?