How severe is CVE-2022-25813?

CVE-2022-25813 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-25813

Name: ofbiz
Author: apache

7.5HIGH

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page.

Published: 9/2/2022Updated: 11/21/2024

Description

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.

AI AnalysisPowered by AI

Affected Products

apacheofbiz

References

http://www.openwall.com/lists/oss-security/2022/09/02/4
Mailing ListPatchThird Party Advisory
https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b
Mailing ListPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2022/09/02/4
Mailing ListPatchThird Party Advisory
https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b
Mailing ListPatchVendor Advisory