CVE-2025-61623

CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-79 · XSS

Published November 12, 2025

Last update November 12, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Key dates

Disclosure timeline

November 12, 2025 CVE published

November 12, 2025 Record updated