CVE-2014-7852

Опубликовано: 09 дек. 2014

Источник: redhat

CVSS2: 4.3

Описание

Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.

It was found that RichFaces accepted arbitrary strings included in a URL and returned them unencoded in a CSS file. A remote attacker could use this flaw to perform cross-site scripting (XSS) attacks against a user running a RichFaces application.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Portal 6	richfaces	Affected
Red Hat JBoss Portal Platform 6.1		Fixed	RHSA-2014:1973	09.12.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1164024RichFaces: Cross-site scripting due to incomplete URL sanitization

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-7852

nvd

около 11 лет назад

GHSA-cq25-j7mv-44h4

github

больше 3 лет назад

4.3 Medium

CVSS2