Details
-
Improvement
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
Trunk, Upcoming Branch
-
None
-
None
-
Bug Crush Event - 21/2/2015
Description
The goal of this virtual issue is only to group together all OFBiz security issues (pending or closed).
This issue should never be closed
Attachments
Issue Links
- incorporates
-
OFBIZ-178 Cross site scripting vulnerability in Forum
- Closed
-
OFBIZ-260 Cross Site Scripting Vulnerability (XSS)
- Closed
-
OFBIZ-1193 html code is not sanitized in all the text input field
- Closed
-
OFBIZ-1106 Passwords in POS are shown in clear text
- Closed
-
OFBIZ-5254 Services allow arbitrary HTML for parameters with allow-html set to "safe"
- Closed
-
OFBIZ-1476 XSS vulnerability in OFBiz Login Form
- Closed
-
OFBIZ-1900 Fortify Open Source Security Report mentioned OFBiz
- Closed
-
OFBIZ-2121 XSS vulnerability in eCommerce/ordermgr
- Closed
-
OFBIZ-6669 Possible stored XSS issue with Content
- Closed
-
OFBIZ-1970 unescaped html special characters create problems in pages
- Closed
-
OFBIZ-4983 New feature to reclaim a user account - Using Security Questions
- Closed
-
OFBIZ-5009 Enforce user to reset his password in a pre-defined regular interval of time.
- Closed
-
OFBIZ-2243 In hyperlink and sub-hyperlink elements, replacement of target parameters by parameter sub-elements
- Closed
-
OFBIZ-2260 Secure URLs in Freemarker templates files
- Closed
-
OFBIZ-10484 Sanitize the output of XML-RPC replies of error data
- Closed
-
OFBIZ-10509 Disable DTDs for XML-RPC requests
- Closed
-
OFBIZ-2330 Main task for securing URLs in Freemarker templates files
- Closed
-
OFBIZ-10517 Update Apache Tomcat to 9.0.10 because of CVE-2018-8037
- Closed
-
OFBIZ-5343 Update owasp-esapi-java
- Closed
- is a parent of
-
OFBIZ-10054 Product content management screen doesn't validate trusted users' input
- Closed
- is related to
-
OFBIZ-7928 Use "Let's encrypt" for OFBiz demos SSL/TLS certificates
- Closed
- mentioned in
-
Page Loading...
1.
|
special security should be required for setting passwords | Open | Unassigned | |
2.
|
Replace SHA-1 by SHA-512 | Open | Unassigned |