VulnerableCode Package Details - pkg:maven/org.glassfish/javax.faces@2.1.19

Search for packages

Vulnerability	Summary	Fixed by
VCID-5sf4-cx8k-guae Aliases: CVE-2019-17091 GHSA-rjhx-c9qh-qh8f	Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.	2.2.20 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-s1tt-jj2t-5yc9 Aliases: CVE-2013-5855 GHSA-3m3r-82gc-53mj	XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.	2.1.28 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ud7m-cc54-3qbv Aliases: CVE-2018-14371 GHSA-43q7-q5vp-3g68	The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.	2.3.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5sf4-cx8k-guae
Aliases:
CVE-2019-17091
GHSA-rjhx-c9qh-qh8f

Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.

2.2.20
Affected by 1 other vulnerability.

VCID-s1tt-jj2t-5yc9
Aliases:
CVE-2013-5855
GHSA-3m3r-82gc-53mj

XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

2.1.28
Affected by 3 other vulnerabilities.

2.2.6
Affected by 2 other vulnerabilities.

VCID-ud7m-cc54-3qbv
Aliases:
CVE-2018-14371
GHSA-43q7-q5vp-3g68

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

2.3.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-mgny-35f9-1qg4	XML External Entity (XXE) injection This package allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.	CVE-2013-3827 GHSA-q388-j7cw-ff7w

Vulnerability

Summary

Aliases

VCID-mgny-35f9-1qg4

XML External Entity (XXE) injection This package allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.

CVE-2013-3827
GHSA-q388-j7cw-ff7w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:59:04.998532+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.4.0
2026-04-16T21:54:38.887594+00:00	GitLab Importer	Fixing	VCID-mgny-35f9-1qg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-3827.yml	38.4.0
2026-04-16T21:51:44.678133+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.4.0
2026-04-16T20:31:45.494240+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.4.0
2026-04-11T23:14:35.114041+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.3.0
2026-04-11T23:09:57.047399+00:00	GitLab Importer	Fixing	VCID-mgny-35f9-1qg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-3827.yml	38.3.0
2026-04-11T23:07:40.156255+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.3.0
2026-04-11T21:42:07.372369+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.3.0
2026-04-04T14:31:26.993122+00:00	GHSA Importer	Fixing	VCID-mgny-35f9-1qg4	https://github.com/advisories/GHSA-q388-j7cw-ff7w	38.1.0
2026-04-02T23:22:37.144437+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.1.0
2026-04-02T23:18:41.440802+00:00	GitLab Importer	Fixing	VCID-mgny-35f9-1qg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-3827.yml	38.1.0
2026-04-02T23:16:00.382787+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.1.0
2026-04-02T21:56:17.760401+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.1.0
2026-04-01T17:43:37.381723+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.0.0
2026-04-01T17:39:02.639842+00:00	GitLab Importer	Fixing	VCID-mgny-35f9-1qg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-3827.yml	38.0.0
2026-04-01T17:36:04.840579+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.0.0
2026-04-01T16:13:26.970523+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.0.0
2026-04-01T13:09:04.474808+00:00	GithubOSV Importer	Fixing	VCID-mgny-35f9-1qg4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q388-j7cw-ff7w/GHSA-q388-j7cw-ff7w.json	38.0.0