VulnerableCode Package Details - pkg:deb/debian/mojarra@2.0.3-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-1rtf-aum8-33hg Aliases: CVE-2012-2672	Mojarra: deployed web applications can read FacesContext from other applications under certain conditions	2.2.8-1 Affected by 0 other vulnerabilities.
VCID-s1tt-jj2t-5yc9 Aliases: CVE-2013-5855 GHSA-3m3r-82gc-53mj	XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.	2.2.8-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1rtf-aum8-33hg
Aliases:
CVE-2012-2672

Mojarra: deployed web applications can read FacesContext from other applications under certain conditions

2.2.8-1
Affected by 0 other vulnerabilities.

VCID-s1tt-jj2t-5yc9
Aliases:
CVE-2013-5855
GHSA-3m3r-82gc-53mj

XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions This package does not perform appropriate encoding when a `<h:outputText>` tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

2.2.8-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-qyr6-8ydt-dfaa	injection: includeViewParameters re-evaluates param/model values as EL expressions	CVE-2011-4358

Vulnerability

Summary

Aliases

VCID-qyr6-8ydt-dfaa

injection: includeViewParameters re-evaluates param/model values as EL expressions

CVE-2011-4358

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T20:03:33.594979+00:00	Debian Oval Importer	Fixing	VCID-qyr6-8ydt-dfaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:59:20.995603+00:00	Debian Oval Importer	Affected by	VCID-1rtf-aum8-33hg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:29:52.986920+00:00	Debian Oval Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T19:45:15.149946+00:00	Debian Oval Importer	Fixing	VCID-qyr6-8ydt-dfaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:46:56.647736+00:00	Debian Oval Importer	Affected by	VCID-1rtf-aum8-33hg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:17:56.342912+00:00	Debian Oval Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T19:28:04.484461+00:00	Debian Oval Importer	Fixing	VCID-qyr6-8ydt-dfaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:40:34.596639+00:00	Debian Oval Importer	Affected by	VCID-1rtf-aum8-33hg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:12:40.327125+00:00	Debian Oval Importer	Affected by	VCID-s1tt-jj2t-5yc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0