PT-2019-3784 · Oracle+1 · Mojarra Javaserver Faces+2

Published: 2019-06-13 · Updated: 2022-05-24 · CVE-2019-17091

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Eclipse Mojarra versions prior to 2.3.10
Mojarra JavaServer Faces versions prior to 2.2.20

Description

The issue is the mishandling of a client window field in the faces/context/PartialViewContextImpl.java component of Eclipse Mojarra, which allows a remote attacker to perform a reflected cross-site scripting (XSS) attack.

Recommendations

For Eclipse Mojarra versions prior to 2.3.10, update to version 2.3.10 or later.
For Mojarra JavaServer Faces versions prior to 2.2.20, update to version 2.2.20 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2019-04080
CVE-2019-17091
GHSA-RJHX-C9QH-QH8F

Affected Products

Eclipse Mojarra
Mojarra Javaserver Faces
Oracle Weblogic Server