VulnerableCode Package Details - pkg:maven/org.glassfish/javax.faces@2.2.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-5sf4-cx8k-guae Aliases: CVE-2019-17091 GHSA-rjhx-c9qh-qh8f	Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.	2.2.20 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ud7m-cc54-3qbv Aliases: CVE-2018-14371 GHSA-43q7-q5vp-3g68	The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.	2.3.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5sf4-cx8k-guae
Aliases:
CVE-2019-17091
GHSA-rjhx-c9qh-qh8f

Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.

2.2.20
Affected by 1 other vulnerability.

VCID-ud7m-cc54-3qbv
Aliases:
CVE-2018-14371
GHSA-43q7-q5vp-3g68

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

2.3.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:59:05.327182+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.4.0
2026-04-16T21:51:45.005840+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.4.0
2026-04-11T23:14:35.455536+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.3.0
2026-04-11T23:07:40.330307+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.3.0
2026-04-02T23:22:37.461969+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.1.0
2026-04-02T23:16:00.702645+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.1.0
2026-04-01T17:43:37.750334+00:00	GitLab Importer	Affected by	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.0.0
2026-04-01T17:36:05.254100+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.0.0