CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting
oss-sec: CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting
Posted by Jacques Le Roux on Nov 11 Severity: important
Affected versions:
- Apache OFBiz before 24.09.03
Description:
Reflected cross-site scripting vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.03.
Users are recommended to upgrade to version 24.09.03, which fixes the issue.
Credit:
RedHive Team (security () hive red) https://hive.red/en/ (finder)
References:
https://issues.apache.org/jira/browse/OFBIZ-13295 ...
seclists.org
November 11, 2025 at 7:40 PM
CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting
CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload
oss-sec: CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload
Posted by Jacques Le Roux on Nov 11 Severity: important
Affected versions:
- Apache OFBiz before 24.09.03
Description:
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.03.
Users are recommended to upgrade to version 24.09.03, which fixes the issue.
Credit:
RedHive Team (security () hive red) https://hive.red/en/ (finder)
References:
https://ofbiz.apache.org/download.html ...
seclists.org
November 11, 2025 at 7:36 PM
CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload
“Actively Exploited” CVE-2024–38856 Apache OFBiz
https://medium.com/@hariharanhex00/actively-exploited-cve-2024-38856-apache-ofbiz-44f87aa8b944?source=rss------bug_bounty-5
https://medium.com/@hariharanhex00/actively-exploited-cve-2024-38856-apache-ofbiz-44f87aa8b944?source=rss------bug_bounty-5
October 14, 2025 at 2:16 AM
“Actively Exploited” CVE-2024–38856 Apache OFBiz
https://medium.com/@hariharanhex00/actively-exploited-cve-2024-38856-apache-ofbiz-44f87aa8b944?source=rss------bug_bounty-5
https://medium.com/@hariharanhex00/actively-exploited-cve-2024-38856-apache-ofbiz-44f87aa8b944?source=rss------bug_bounty-5
He said I’ll get you $$$&! Vote for meeee! So they did. They voted for a child grapist for promise of a buck. Surprise! He got into office and said bendover, cuz we’re driving you out ofbiz and then the AcreTrader Vance is taking your multi-generation farm.
October 12, 2025 at 1:47 AM
He said I’ll get you $$$&! Vote for meeee! So they did. They voted for a child grapist for promise of a buck. Surprise! He got into office and said bendover, cuz we’re driving you out ofbiz and then the AcreTrader Vance is taking your multi-generation farm.
📦 filabiz/filabiz-app-starter v1.0.2
A Laravel , FilamentPHP and Ofbiz Starter Template
🔗 https://github.com/filabiz/filabiz-dist
A Laravel , FilamentPHP and Ofbiz Starter Template
🔗 https://github.com/filabiz/filabiz-dist
October 10, 2025 at 8:59 PM
📦 filabiz/filabiz-app-starter v1.0.2
A Laravel , FilamentPHP and Ofbiz Starter Template
🔗 https://github.com/filabiz/filabiz-dist
A Laravel , FilamentPHP and Ofbiz Starter Template
🔗 https://github.com/filabiz/filabiz-dist
CVE-2025-54466 - Apache OFBiz Scrum Plugin Code Injection Vulnerability
CVE ID : CVE-2025-54466
Published : Aug. 15, 2025, 3:15 p.m. | 44 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache...
CVE ID : CVE-2025-54466
Published : Aug. 15, 2025, 3:15 p.m. | 44 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache...
CVE-2025-54466 - Apache OFBiz Scrum Plugin Code Injection Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes …
cvefeed.io
August 15, 2025 at 4:52 PM
CVE-2025-54466 - Apache OFBiz Scrum Plugin Code Injection Vulnerability
CVE ID : CVE-2025-54466
Published : Aug. 15, 2025, 3:15 p.m. | 44 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache...
CVE ID : CVE-2025-54466
Published : Aug. 15, 2025, 3:15 p.m. | 44 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache...
CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin
oss-sec: CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin
Posted by Nicolas Malin on Aug 05 Severity: moderate
Affected versions:
- Apache OFBiz before 24.09.02
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum
plugin.
This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used.
Even unauthenticated attackers can exploit this vulnerability.
Users are recommended to upgrade to version 24.09.02, which fixes...
seclists.org
August 5, 2025 at 2:43 PM
CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin
RCE in Apache OFBiz: What Devs Should Know About CVE-2023-49070 dev.to/sharon_42e16...
RCE in Apache OFBiz: What Devs Should Know About CVE-2023-49070
> About Author Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an...
dev.to
August 3, 2025 at 9:14 AM
RCE in Apache OFBiz: What Devs Should Know About CVE-2023-49070 dev.to/sharon_42e16...
🚨 New CISA Vulnerability Alert 🚨
: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
CVE-2024-38856
: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
CVE-2024-38856
Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code - CyberAlerts
View detailed information about CVE-2024-38856 on CyberAlerts
cyberalerts.io
July 30, 2025 at 11:40 PM
🚨 New CISA Vulnerability Alert 🚨
: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
CVE-2024-38856
: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
CVE-2024-38856
New 0day RCE in Apache OFBiz (CVE-2023-51467): Patch Now dev.to/sharon_42e16...
New 0day RCE in Apache OFBiz (CVE-2023-51467): Patch Now
> About Author Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an...
dev.to
July 24, 2025 at 6:10 AM
New 0day RCE in Apache OFBiz (CVE-2023-51467): Patch Now dev.to/sharon_42e16...
📌 Apache OFBiz Platform Vulnerability Allows Path Traversal https://www.cyberhub.blog/article/7777-apache-ofbiz-platform-vulnerability-allows-path-traversal
Apache OFBiz Platform Vulnerability Allows Path Traversal
The Apache OFBiz platform has a path traversal vulnerability due to insufficient validation of the user-provided contextPath parameter. This flaw, identified as CVE-2024-36104, allows an attacker to manipulate file paths and access unauthorized resources. Technical details indicate that the lack of adequate controls on user inputs is the root cause of this vulnerability.
www.cyberhub.blog
June 9, 2025 at 11:00 AM
📌 Apache OFBiz Platform Vulnerability Allows Path Traversal https://www.cyberhub.blog/article/7777-apache-ofbiz-platform-vulnerability-allows-path-traversal
I have just updated my site, here's the writeup of cve-2024-48962 I found in Apache Ofbiz.
www.sebsrt.xyz/blog/cve-202...
www.sebsrt.xyz/blog/cve-202...
sebsrt - Sebastiano Sartor
sebsrt - Sebastiano Sartor
www.sebsrt.xyz
June 2, 2025 at 10:17 PM
I have just updated my site, here's the writeup of cve-2024-48962 I found in Apache Ofbiz.
www.sebsrt.xyz/blog/cve-202...
www.sebsrt.xyz/blog/cve-202...
