Vulnerability Database

318,206

Total vulnerabilities in the database

CVE-2024-48962

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.17.

Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Published: Nov 18, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-48962
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-352
CWE-94
CWE-1336

Affected Software
References

Software	From	Fixed in
apache / ofbiz	-	18.12.17

http://www.openwall.com/lists/oss-security/2024/11/16/2
https://issues.apache.org/jira/browse/OFBIZ-13162
https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo