VulnerableCode Package Details - pkg:maven/org.glassfish/javax.faces@2.2.0-m04

Search for packages

Vulnerability	Summary	Fixed by
VCID-5sf4-cx8k-guae Aliases: CVE-2019-17091 GHSA-rjhx-c9qh-qh8f	Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.	2.2.20 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-s1tt-jj2t-5yc9 Aliases: CVE-2013-5855 GHSA-3m3r-82gc-53mj	XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.	2.2.6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ud7m-cc54-3qbv Aliases: CVE-2018-14371 GHSA-43q7-q5vp-3g68	The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.	2.3.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5sf4-cx8k-guae
Aliases:
CVE-2019-17091
GHSA-rjhx-c9qh-qh8f

Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.

2.2.20
Affected by 1 other vulnerability.

VCID-s1tt-jj2t-5yc9
Aliases:
CVE-2013-5855
GHSA-3m3r-82gc-53mj

XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

2.2.6
Affected by 2 other vulnerabilities.

VCID-ud7m-cc54-3qbv
Aliases:
CVE-2018-14371
GHSA-43q7-q5vp-3g68

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

2.3.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:59:05.134843+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.4.0
2026-04-16T21:51:44.812723+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.4.0
2026-04-16T20:31:45.623483+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.4.0
2026-04-11T23:14:35.249127+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.3.0
2026-04-11T23:07:40.227928+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.3.0
2026-04-11T21:42:07.531010+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.3.0
2026-04-02T23:22:37.274108+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.1.0
2026-04-02T23:16:00.513496+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.1.0
2026-04-02T21:56:17.892936+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.1.0
2026-04-01T17:43:37.532226+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.0.0
2026-04-01T17:36:04.995045+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.0.0
2026-04-01T16:13:27.154297+00:00	GitLab Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2013-5855.yml	38.0.0