Home > Vulnerability Database > CVE-2013-2137

Mend.io Vulnerability Database

CVE-2013-2137

Good to know:

Date: August 15, 2013

Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Language: Java

Severity Score

3.7

Related Resources (8)

Url: http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html

Url: http://ofbiz.apache.org/download.html#vulnerabilities

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/85874

Url: http://osvdb.org/95523

Url: http://secunia.com/advisories/53910

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-2137

Url: http://www.securityfocus.com/bid/61370

Url: https://www.mend.io/vulnerability-database/CVE-2013-2137

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 10.04.06

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-2137

Good to know:

Date: August 15, 2013

Language: Java

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?