Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 16.11.01 to 16.11.07
Description: Data sent in the "contentId" parameter to "/control/stream" is not sanitized, allowing cross-site scripting (XSS) attacks.
Mitigation: Upgrade to 17.12.01 or manually apply the commits at OFBIZ-10753
----
Credit: Timon Funck <timon.fu...@syss.de>
References: http://ofbiz.apache.org/download.html#vulnerabilities
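A defender-side check for this issue, added here as an example and not part of the advisory or of OFBiz itself: it scans web-server access-log lines (constructed samples; a combined-log-style request field is assumed) for requests to /control/stream whose contentId value carries HTML metacharacters, decoding one extra URL-encoding layer so double-encoded values are not missed.

```python
"""Flag access-log requests to OFBiz /control/stream whose contentId carries
HTML metacharacters, a cheap signal for attempts against the unsanitized
parameter described above (OFBiz 16.11.01 to 16.11.07).
Added example; not OFBiz project code."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined/common log line: "METHOD target HTTP/x.y" (assumed format).
_REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters and tokens that can break out of an HTML context when reflected unescaped.
_SUSPICIOUS = re.compile(r'[<>"\']|javascript:|on\w+\s*=', re.IGNORECASE)


def suspicious_content_ids(log_lines):
    """Return (line_no, decoded contentId) for each hit; other requests are skipped."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _REQ.search(line)
        if not m:
            continue  # not a request line we understand
        parts = urlsplit(m.group("target"))
        # Only the affected endpoint matters; it may be mounted under a webapp prefix.
        if not parts.path.endswith("/control/stream"):
            continue
        for cid in parse_qs(parts.query).get("contentId", []):
            decoded = unquote(cid)  # parse_qs decoded once; strip a second layer
            if _SUSPICIOUS.search(decoded):
                hits.append((n, decoded))
    return hits


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2019:10:00:00 +0000] "GET /content/control/stream?contentId=10000 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2019:10:00:01 +0000] "GET /content/control/stream?contentId=%3Cscript%3E HTTP/1.1" 500 120',
    '10.0.0.9 - - [01/Jan/2019:10:00:02 +0000] "GET /content/control/main?contentId=%3Cb%3E HTTP/1.1" 200 30',
    '10.0.0.7 - - [01/Jan/2019:10:00:03 +0000] "GET /content/control/stream?contentId=%253Cimg%2520onerror%253Dx%253E HTTP/1.1" 500 120',
]

if __name__ == "__main__":
    for n, cid in suspicious_content_ids(SAMPLE_LOG):
        print(f"line {n}: suspicious contentId {cid!r}")
```

Requests to other controller paths are ignored on purpose; widen the path check if the stream handler is exposed under additional routes in your deployment.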