Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-5855

Опубликовано: 17 июл. 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:mojarra:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.17:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.21:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.23:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.24:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.25:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.1.27:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra:2.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 85%
0.02752
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2013-5855

ubuntu
больше 11 лет назад

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

redhat логотип

CVE-2013-5855

redhat
почти 12 лет назад

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

debian логотип

CVE-2013-5855

debian
больше 11 лет назад

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not per ...

github логотип

GHSA-3m3r-82gc-53mj

github
больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in Mojarra

fstec логотип

BDU:2015-00734

fstec
больше 11 лет назад

Уязвимость программного обеспечения WebLogic Server, позволяющая удаленному злоумышленнику нарушить защищаемой информации

EPSS

Процентиль: 85%
0.02752
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79