- Description
- Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- ofbiz
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- security@apache.org
- CWE-79
- Hype score
- Not currently trending
🚨🚨Apache OFBiz Double Trouble: RCE + XSS CVE-2025-59118: Unrestricted file upload allowing remote command execution. CVE-2025-61623: Reflected Cross-site Scripting ZoomEye Dork👉app="Apache OFBiz" 844 live targets on ZoomEye ZoomEye Link: https://t.co/uXf12pQCHC Refer:
@zoomeye_team
13 Nov 2025
1067 Impressions
1 Retweet
15 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2025-61623 Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03… https://t.co/1onDSSDOru
@CVEnew
12 Nov 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FD636F-C69E-4284-95A0-0CD8A5DEB08F",
"versionEndExcluding": "24.09.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]