VulnerableCode Package Details - pkg:maven/org.glassfish/javax.faces@2.1.28

Search for packages

Vulnerability	Summary	Fixed by
VCID-5sf4-cx8k-guae Aliases: CVE-2019-17091 GHSA-rjhx-c9qh-qh8f	Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.	2.2.20 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-s1tt-jj2t-5yc9 Aliases: CVE-2013-5855 GHSA-3m3r-82gc-53mj	XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.	2.2.6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ud7m-cc54-3qbv Aliases: CVE-2018-14371 GHSA-43q7-q5vp-3g68	The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.	2.3.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5sf4-cx8k-guae
Aliases:
CVE-2019-17091
GHSA-rjhx-c9qh-qh8f

Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.

2.2.20
Affected by 1 other vulnerability.

VCID-s1tt-jj2t-5yc9
Aliases:
CVE-2013-5855
GHSA-3m3r-82gc-53mj

XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

2.2.6
Affected by 2 other vulnerabilities.

VCID-ud7m-cc54-3qbv
Aliases:
CVE-2018-14371
GHSA-43q7-q5vp-3g68

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

2.3.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-s1tt-jj2t-5yc9	XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.	CVE-2013-5855 GHSA-3m3r-82gc-53mj

Vulnerability

Summary

Aliases

VCID-s1tt-jj2t-5yc9

CVE-2013-5855
GHSA-3m3r-82gc-53mj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:59:05.080040+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.4.0
2026-04-16T21:51:44.757250+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.4.0
2026-04-16T20:31:45.571577+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.4.0
2026-04-11T23:14:35.193839+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.3.0
2026-04-11T23:07:40.199233+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.3.0
2026-04-11T21:42:07.465909+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.3.0
2026-04-04T14:30:48.810687+00:00	GHSA Importer	Fixing	VCID-s1tt-jj2t-5yc9	https://github.com/advisories/GHSA-3m3r-82gc-53mj	38.1.0
2026-04-02T23:22:37.222362+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.1.0
2026-04-02T23:16:00.461298+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.1.0
2026-04-02T21:56:17.840185+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.1.0
2026-04-01T17:43:37.471930+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.0.0
2026-04-01T17:36:04.934410+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.0.0
2026-04-01T16:13:27.080313+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.0.0
2026-04-01T13:08:04.575157+00:00	GithubOSV Importer	Fixing	VCID-s1tt-jj2t-5yc9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3m3r-82gc-53mj/GHSA-3m3r-82gc-53mj.json	38.0.0