Lucene search

GitHub Advisory DatabaseGHSA-VV6J-5X58-Q2C3

HistoryMay 01, 2022 - 11:38 p.m.

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

2022-05-0123:38:35

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

vulnerability

sun java server faces

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

71.7%

JSON

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Affected configurations

Vulners

Node

com.sun.facesjsf-apiRange<1.2.08

VendorProductVersionCPE
com.sun.facesjsf-api*cpe:2.3:a:com.sun.faces:jsf-api:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
com.sun.faces	jsf-api	*	cpe:2.3:a:com.sun.faces:jsf-api::::::::

References

rhn.redhat.com/errata/RHSA-2008-0828.html

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=437082

exchange.xforce.ibmcloud.com/vulnerabilities/41081

github.com/advisories/GHSA-vv6j-5x58-q2c3

nvd.nist.gov/vuln/detail/CVE-2008-1285

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

71.7%

JSON

Related for GHSA-VV6J-5X58-Q2C3