Skip to main content

Broadleaf Commerce

2 CVEs product

Monthly

CVE-2023-33725 Maven MEDIUM POC PATCH This Month

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Broadleaf Commerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-21266 MEDIUM This Month

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Broadleaf Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Broadleaf Commerce
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Broadleaf Commerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy