Описание
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
Ссылки
- ExploitIssue TrackingPatchVendor Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchVendor Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.3.0 (включая) до 2.3.10 (исключая)Версия от 2.2.0 (включая) до 2.2.20 (исключая)
Одно из
cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mojarra_javaserver_faces:*:*:*:*:*:*:*:*
Конфигурация 2Версия от 8.0.0.0 (включая) до 8.4.0.5 (включая)Версия от 15.1.0.0 (включая) до 15.2.18.7 (включая)Версия от 16.1.0.0 (включая) до 16.2.19.0 (включая)Версия от 17.1.0.0 (включая) до 17.12.15.0 (включая)Версия от 18.1.0.0 (включая) до 18.8.15.0 (включая)Версия от 12.2.6 (включая) до 12.2.11 (включая)
Одно из
cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_data_repository:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07188
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
debian
больше 6 лет назад
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used ...
CVSS3: 6.1
fstec
больше 6 лет назад
Уязвимость компонента faces/context/PartialViewContextImpl.java библиотеки Eclipse Mojarra, как реализации спецификаций Mojarra JavaServer Faces и Eclipse EE4J, позволяющая нарушителю осуществить межсайтовую сценарную атаку
EPSS
Процентиль: 91%
0.07188
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79