GHSA-rjhx-c9qh-qh8f

Source

https://github.com/advisories/GHSA-rjhx-c9qh-qh8f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rjhx-c9qh-qh8f/GHSA-rjhx-c9qh-qh8f.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-rjhx-c9qh-qh8f

Aliases

CVE-2019-17091

Published

2022-05-24T16:57:42Z

Modified

2023-11-01T04:50:41.459423Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Eclipse Mojarra

Details

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.

Database specific

{
    "github_reviewed_at": "2022-11-03T23:47:19Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2019-10-02T14:15:00Z"
}

References

Affected packages

Maven / org.glassfish:javax.faces

Package

Name: org.glassfish:javax.faces; View open source insights on deps.dev
Purl: pkg:maven/org.glassfish/javax.faces

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.20

Affected versions

2.*

2.0.7

2.0.8

2.0.9

2.0.9-02

2.0.9-05

2.0.9-08

2.0.10

2.0.11

2.0.11-01

2.0.11-02

2.0.11-03

2.1.2

2.1.3

2.1.4

2.1.5

2.1.5-02

2.1.5-04

2.1.6

2.1.7

2.1.7-01

2.1.7-02

2.1.7-03

2.1.7-04

2.1.7-05

2.1.7-06

2.1.7-07

2.1.7-08

2.1.7-09

2.1.7-10

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.1.19

2.1.20

2.1.20-02

2.1.20-03

2.1.20-04

2.1.20-05

2.1.20-06

2.1.20-07

2.1.20-08

2.1.20-09

2.1.20-10

2.1.20-11

2.1.20-12

2.1.20-13

2.1.20-14

2.1.20-15

2.1.20-16

2.1.21

2.1.22

2.1.23

2.1.24

2.1.25

2.1.26

2.1.27

2.1.28

2.1.29

2.1.29-01

2.1.29-02

2.1.29-03

2.1.29-04

2.1.29-05

2.1.29-06

2.1.29-07

2.1.29-08

2.1.29-09

2.1.29-10

2.1.29-11

2.2.0-m01

2.2.0-m02

2.2.0-m03

2.2.0-m04

2.2.0-m05

2.2.0-m06

2.2.0-m07

2.2.0-m08

2.2.0-m09

2.2.0-m10

2.2.0-m11

2.2.0-m12

2.2.0-m13

2.2.0-m14

2.2.0-m15

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.8-01

2.2.8-02

2.2.8-03

2.2.8-04

2.2.8-05

2.2.8-06

2.2.8-07

2.2.8-08

2.2.8-09

2.2.8-10

2.2.8-11

2.2.8-12

2.2.8-13

2.2.8-14

2.2.8-15

2.2.8-16

2.2.8-17

2.2.8-18

2.2.8-19

2.2.8-20

2.2.8-21

2.2.8-22

2.2.8-23

2.2.8-24

2.2.8-25

2.2.8-26

2.2.8-27

2.2.8-28

2.2.8-29

2.2.8-30

2.2.8-31

2.2.8-32

2.2.8-33

2.2.8-34

2.2.8-35

2.2.9

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

2.2.16

2.2.17

2.2.18

2.2.19

Maven / org.glassfish:jakarta.faces

Package

Name: org.glassfish:jakarta.faces; View open source insights on deps.dev
Purl: pkg:maven/org.glassfish/jakarta.faces

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.10

Affected versions

2.*

2.3.9