VulnerableCode Package Details - pkg:maven/com.sun.faces/jsf-impl@2-alpha0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/com.sun.faces/jsf-impl@2-alpha0

Essentials
History (2)

purl	pkg:maven/com.sun.faces/jsf-impl@2-alpha0
Tags	Ghost

Next non-vulnerable version	2.2.6
Latest non-vulnerable version	2.2.6
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-mgny-35f9-1qg4 Aliases: CVE-2013-3827 GHSA-q388-j7cw-ff7w	XML External Entity (XXE) injection This package allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.	2.1.19 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-s1tt-jj2t-5yc9 Aliases: CVE-2013-5855 GHSA-3m3r-82gc-53mj	XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.	2.2.6 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:46:53.625923+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.sun.faces/jsf-impl/CVE-2013-5855.yml	38.0.0
2026-04-01T12:46:50.545862+00:00	GitLab Importer	Affected by	VCID-mgny-35f9-1qg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.sun.faces/jsf-impl/CVE-2013-3827.yml	38.0.0