{"api_version":"1","generated_at":"2026-06-04T14:14:33+00:00","cve":"CVE-2013-2137","urls":{"html":"https://cve.report/CVE-2013-2137","api":"https://cve.report/api/cve/CVE-2013-2137.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-2137","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-2137"},"summary":{"title":"CVE-2013-2137","description":"Cross-site scripting (XSS) vulnerability in the \"View Log\" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLISHED","assigner":"redhat","published_at":"2013-08-15 16:55:09","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/53910","name":"http://secunia.com/advisories/53910","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Security Advisory SA53910 - Apache OFBiz Cross-Site Scripting and Nested Expression Evaluation Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85874","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85874","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/61370","name":"http://www.securityfocus.com/bid/61370","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://ofbiz.apache.org/download.html#vulnerabilities","name":"http://ofbiz.apache.org/download.html#vulnerabilities","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Apache OFBiz - Download Releases","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html","name":"http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://osvdb.org/95523","name":"http://osvdb.org/95523","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-2137","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2137","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"10.04.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"10.04.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"10.04.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"10.04.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"10.04.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"11.04.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"11.04.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2137","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"ofbiz","cpe6":"12.04.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T15:27:40.897Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"apache-ofbiz-cve20132137-xss(85874)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85874"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://ofbiz.apache.org/download.html#vulnerabilities"},{"name":"53910","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/53910"},{"name":"61370","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/61370"},{"name":"20130720 [CVE-2013-2137] Apache OFBiz XSS vulnerability in the \"View Log\" screen of the Webtools application","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html"},{"name":"95523","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/95523"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-07-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the \"View Log\" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"apache-ofbiz-cve20132137-xss(85874)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85874"},{"tags":["x_refsource_CONFIRM"],"url":"http://ofbiz.apache.org/download.html#vulnerabilities"},{"name":"53910","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/53910"},{"name":"61370","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/61370"},{"name":"20130720 [CVE-2013-2137] Apache OFBiz XSS vulnerability in the \"View Log\" screen of the Webtools application","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html"},{"name":"95523","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/95523"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2013-2137","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the \"View Log\" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"apache-ofbiz-cve20132137-xss(85874)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85874"},{"name":"http://ofbiz.apache.org/download.html#vulnerabilities","refsource":"CONFIRM","url":"http://ofbiz.apache.org/download.html#vulnerabilities"},{"name":"53910","refsource":"SECUNIA","url":"http://secunia.com/advisories/53910"},{"name":"61370","refsource":"BID","url":"http://www.securityfocus.com/bid/61370"},{"name":"20130720 [CVE-2013-2137] Apache OFBiz XSS vulnerability in the \"View Log\" screen of the Webtools application","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2013-07/0144.html"},{"name":"95523","refsource":"OSVDB","url":"http://osvdb.org/95523"}]}}}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-2137","datePublished":"2013-08-15T16:00:00.000Z","dateReserved":"2013-02-19T00:00:00.000Z","dateUpdated":"2024-08-06T15:27:40.897Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2013-08-15 16:55:09","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:10.04.01:*:*:*:*:*:*:*","matchCriteriaId":"E9FBA6A6-D7B1-4870-B18B-60E9B5EBA5C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:10.04.02:*:*:*:*:*:*:*","matchCriteriaId":"C4571E42-8128-4FA4-8350-F3EB1F96853E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:10.04.03:*:*:*:*:*:*:*","matchCriteriaId":"2A54B914-1A1E-4F3C-AACA-AFCED4023A76"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:10.04.04:*:*:*:*:*:*:*","matchCriteriaId":"BE538AFD-DFD8-4BE0-8E97-ED0D80E4FCF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:10.04.05:*:*:*:*:*:*:*","matchCriteriaId":"E4989B04-155A-473D-84C8-05A7AEB30798"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:11.04.01:*:*:*:*:*:*:*","matchCriteriaId":"4BC9FE7F-EAAB-42DC-B0B0-81B484C06571"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:11.04.02:*:*:*:*:*:*:*","matchCriteriaId":"770795DB-628C-4C60-B89A-81054048A56C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:12.04.01:*:*:*:*:*:*:*","matchCriteriaId":"7A557337-D8FD-47F4-9E66-9A642B834E7D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"2137","Ordinal":"1","Title":"CVE-2013-2137","CVE":"CVE-2013-2137","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"2137","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the \"View Log\" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":"CVE-2013-2137"},{"CveYear":"2013","CveId":"2137","Ordinal":"2","NoteData":"2013-08-15","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"2137","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}