Vulnerability Details CVE-2022-25370
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2022-25370
-
-
cpe:2.3:a:apache:ofbiz:09.04
-
cpe:2.3:a:apache:ofbiz:09.04.01
-
cpe:2.3:a:apache:ofbiz:10.04
-
cpe:2.3:a:apache:ofbiz:10.04.01
-
cpe:2.3:a:apache:ofbiz:10.04.02
-
cpe:2.3:a:apache:ofbiz:10.04.03
-
cpe:2.3:a:apache:ofbiz:10.04.04
-
cpe:2.3:a:apache:ofbiz:10.04.05
-
cpe:2.3:a:apache:ofbiz:10.04.06
-
cpe:2.3:a:apache:ofbiz:11.04
-
cpe:2.3:a:apache:ofbiz:11.04.01
-
cpe:2.3:a:apache:ofbiz:11.04.02
-
cpe:2.3:a:apache:ofbiz:11.04.03
-
cpe:2.3:a:apache:ofbiz:11.04.04
-
cpe:2.3:a:apache:ofbiz:11.04.05
-
cpe:2.3:a:apache:ofbiz:11.04.06
-
cpe:2.3:a:apache:ofbiz:12.04
-
cpe:2.3:a:apache:ofbiz:12.04.01
-
cpe:2.3:a:apache:ofbiz:12.04.02
-
cpe:2.3:a:apache:ofbiz:12.04.03
-
cpe:2.3:a:apache:ofbiz:12.04.04
-
cpe:2.3:a:apache:ofbiz:12.04.05
-
cpe:2.3:a:apache:ofbiz:12.04.06
-
cpe:2.3:a:apache:ofbiz:13.07
-
cpe:2.3:a:apache:ofbiz:13.07.01
-
cpe:2.3:a:apache:ofbiz:13.07.02
-
cpe:2.3:a:apache:ofbiz:13.07.03
-
cpe:2.3:a:apache:ofbiz:16.11.01
-
cpe:2.3:a:apache:ofbiz:16.11.02
-
cpe:2.3:a:apache:ofbiz:16.11.03
-
cpe:2.3:a:apache:ofbiz:16.11.04
-
cpe:2.3:a:apache:ofbiz:16.11.05
-
cpe:2.3:a:apache:ofbiz:16.11.06
-
cpe:2.3:a:apache:ofbiz:16.11.07
-
cpe:2.3:a:apache:ofbiz:17.12.01
-
cpe:2.3:a:apache:ofbiz:17.12.03
-
cpe:2.3:a:apache:ofbiz:17.12.04
-
cpe:2.3:a:apache:ofbiz:17.12.05
-
cpe:2.3:a:apache:ofbiz:17.12.06
-
cpe:2.3:a:apache:ofbiz:17.12.07
-
cpe:2.3:a:apache:ofbiz:17.12.08
-
cpe:2.3:a:apache:ofbiz:17.12.09
-
cpe:2.3:a:apache:ofbiz:18.12.01
-
cpe:2.3:a:apache:ofbiz:18.12.02
-
cpe:2.3:a:apache:ofbiz:18.12.03
-
cpe:2.3:a:apache:ofbiz:18.12.04
-
cpe:2.3:a:apache:ofbiz:18.12.05
-
cpe:2.3:a:apache:ofbiz:9.04
-
cpe:2.3:a:apache:ofbiz:9.04.01
-
cpe:2.3:a:apache:ofbiz:9.04.02