Описание
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.
Ссылки
- ExploitIssue TrackingPatchVendor Advisory
- ExploitIssue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:apache:deltaspike:1.8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01817
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
redhat
около 8 лет назад
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.
EPSS
Процентиль: 82%
0.01817
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79