PrimeTek · PrimeFaces · CVE-2020-10544
**Name of the Vulnerable Software and Affected Versions**
PrimeFaces version 7.0.11
**Description**
A cross-site scripting (XSS) issue was discovered in the tooltip/tooltip.js component of PrimeFaces. This issue allows an attacker to provide JavaScript code in an input field, which is later used as a tooltip title without any input validation, potentially leading to the execution of malicious scripts.
**Recommendations**
For PrimeFaces version 7.0.11, consider validating all user input data used in tooltip titles to prevent the injection of malicious JavaScript code. As a temporary workaround, restrict the use of the tooltip feature until a patch is available.
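
An added example (not PrimeFaces code and not part of the advisory) of the recommendation above: a user-supplied tooltip title is HTML-encoded before it is placed into markup, with the unencoded pattern beside it for comparison. The function names and the `tooltip-text` wrapper are hypothetical, and the sample titles are constructed.

```javascript
// Added illustration. All names here are hypothetical, not PrimeFaces APIs.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode the five characters that let text break out of an HTML text or
// attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern the advisory describes: the title reaches the markup unchanged.
function buildTooltipUnsafe(title) {
  return '<div class="tooltip-text">' + title + '</div>';
}

// Hardened form: the title is encoded, so the browser treats it as text.
function buildTooltipSafe(title) {
  return '<div class="tooltip-text">' + escapeHtml(title) + '</div>';
}

// Regression check: strip the fixed wrapper and report whether any raw
// angle bracket from the title survived into the output.
function containsInjectedMarkup(html) {
  const inner = html
    .replace(/^<div class="tooltip-text">/, '')
    .replace(/<\/div>$/, '');
  return /[<>]/.test(inner);
}

// Constructed sample titles: plain text, text with special characters,
// and a title carrying markup with an event handler.
const SAMPLE_TITLES = [
  'Save changes',
  'Tom & "Jerry"',
  '<img src=x onerror=alert(1)>'
];

// Run both builders over each title and record which outputs carry markup.
function auditTitles(titles) {
  return titles.map((title) => ({
    title,
    unsafeHasMarkup: containsInjectedMarkup(buildTooltipUnsafe(title)),
    safeHasMarkup: containsInjectedMarkup(buildTooltipSafe(title))
  }));
}

console.log(auditTitles(SAMPLE_TITLES));
```

Where the title never needs to contain markup, assigning it through the DOM's `textContent` property instead of building an HTML string achieves the same result without a custom encoder.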