Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2023-33725

Disclosure Date: June 21, 2023 (last updated February 25, 2025)
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-21266

Disclosure Date: October 29, 2020 (last updated February 22, 2025)
Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0