Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.19.
Users are recommended to upgrade to version 18.12.19, which fixes the issue.
[
{
"id": "CVE-2025-30676-20e49b1b",
"target": {
"file": "framework/webapp/src/main/java/org/apache/ofbiz/webapp/stats/VisitHandler.java"
},
"signature_version": "v1",
"source": "https://github.com/apache/ofbiz-framework/commit/e7b7ae0eaa4561a2357b198e21cc8ca63ffac105",
"signature_type": "Line",
"digest": {
"line_hashes": [
"270636553050228377928738482045062632718",
"88092880747502745536490877065926063446",
"61997303363460049865285101183113629830",
"319616805161412285444859322511083337454"
],
"threshold": 0.9
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30676.json"
"2026-04-12T14:42:33Z"