Search for packages
| purl | pkg:maven/org.glassfish/javax.faces@2.1.13 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5sf4-cx8k-guae
Aliases: CVE-2019-17091 GHSA-rjhx-c9qh-qh8f |
Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled. |
Affected by 1 other vulnerability. |
|
VCID-mgny-35f9-1qg4
Aliases: CVE-2013-3827 GHSA-q388-j7cw-ff7w |
XML External Entity (XXE) injection This package allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. |
Affected by 3 other vulnerabilities. |
|
VCID-s1tt-jj2t-5yc9
Aliases: CVE-2013-5855 GHSA-3m3r-82gc-53mj |
XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-ud7m-cc54-3qbv
Aliases: CVE-2018-14371 GHSA-43q7-q5vp-3g68 |
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||