Tatulund

**Name of the Vulnerable Software and Affected Versions** com.vaadin:flow-server versions 1.0.0 through 1.0.10 com.vaadin:flow-server versions 1.1.0 through 1.4.2 **Description** The issue is related to missing output sanitization in the default RouteNotFoundError view. This allows an attacker to execute malicious JavaScript via a crafted URL. **Recommendations** For com.vaadin:flow-server versions 1.0.0 through 1.0.10, update to a version outside of this range to resolve the issue. For com.vaadin:flow-server versions 1.1.0 through 1.4.2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider implementing proper output sanitization for the RouteNotFoundError view to prevent malicious JavaScript execution.