CVE-2019-25028

Опубликовано: 23 апр. 2021

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector

Ссылки

https://github.com/vaadin/framework/pull/11644
Patch
Third Party Advisory
https://github.com/vaadin/framework/pull/11645
Patch
Third Party Advisory
https://vaadin.com/security/cve-2019-25028
Vendor Advisory
https://github.com/vaadin/framework/pull/11644
Patch
Third Party Advisory
https://github.com/vaadin/framework/pull/11645
Patch
Third Party Advisory
https://vaadin.com/security/cve-2019-25028
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.7.20 (исключая)

cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.8.5 (исключая)

EPSS

Процентиль: 57%

0.00347

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79

Связанные уязвимости

GHSA-q74r-4xw3-ppx9

CVSS3: 5.4

github

почти 5 лет назад

Stored cross-site scripting in Grid component in Vaadin 7 and 8

EPSS

Процентиль: 57%

0.00347

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79