Description
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The windowId is cut off after 10 characters by default, so the impact might be limited. A fix was applied and released in Apache deltaspike-1.8.1.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| JBoss Developer Studio 10 | deltaspike | Will not fix | | |
| JBoss Developer Studio 8 | deltaspike | Will not fix | | |
| Red Hat BPM Suite 6 | deltaspike | Not affected | | |
| Red Hat JBoss BRMS 6 | deltaspike | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | deltaspike | Not affected | | |
| Red Hat JBoss Fuse 6 | deltaspike | Not affected | | |
| Red Hat JBoss Fuse Service Works 6 | deltaspike | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Not affected | | |
| Red Hat OpenStack Platform 11 (Ocata) | opendaylight | Not affected | | |
| Red Hat OpenStack Platform 12 (Pike) | opendaylight | Not affected | | |
Additional information
Status:
Moderate
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1532122 DeltaSpike: XSS injection vulnerability in windowId handling
5.4 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.1
nvd
about 8 years ago
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The windowId is cut off after 10 characters by default, so the impact might be limited. A fix was applied and released in Apache deltaspike-1.8.1.