0.001 Low
EPSS
Percentile
36.1%
flow-server is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbtirary Javascript in a user’s browser via the error template.
github.com/advisories/GHSA-rp4x-wxqv-cf9m
github.com/vaadin/flow/pull/5498
vaadin.com/security/cve-2019-25027