PT-2019-3784 · Oracle+1 · Mojarra Javaserver Faces+2

Published: 2019-06-13 · Updated: 2022-05-24 · CVE-2019-17091

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Eclipse Mojarra versions prior to 2.3.10
Mojarra JavaServer Faces versions prior to 2.2.20

Description
The issue is related to the mishandling of a client window field in the faces/context/PartialViewContextImpl.java component of Eclipse Mojarra, which can lead to reflected XSS attacks. This allows a remote attacker to perform a cross-site scripting attack.

Recommendations
For Eclipse Mojarra versions prior to 2.3.10, update to version 2.3.10 or later.
For Mojarra JavaServer Faces versions prior to 2.2.20, update to version 2.2.20 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2019-04080
CVE-2019-17091
GHSA-RJHX-C9QH-QH8F

Affected Products

Eclipse Mojarra
Mojarra Javaserver Faces
Oracle Weblogic Server