Skip to main content

Mojarra

4 CVEs product

Monthly

CVE-2019-17091 Maven MEDIUM POC PATCH This Month

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Java Mojarra Mojarra Javaserver Faces Application Testing Suite +20
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2018-14371 Maven HIGH PATCH This Week

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mojarra
NVD GitHub
CVSS 3.0
7.5
EPSS
4.4%
CVE-2013-5855 Maven MEDIUM PATCH This Month

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Mojarra
NVD
CVSS 2.0
4.3
EPSS
2.3%
CVE-2012-2672 LOW POC Monitor

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oracle Mojarra
NVD
CVSS 2.0
2.1
EPSS
0.1%
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Java Mojarra +22
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mojarra
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Mojarra
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oracle Mojarra
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy