PT-2020-12194 · Primetek · Primefaces

Dgusoft · Published 2020-03-13 · Updated 2021-05-07 · CVE-2020-10544

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: PrimeFaces version 7.0.11

Description: A cross-site scripting (XSS) issue was discovered in the tooltip/tooltip.js component of PrimeFaces. This issue allows an attacker to provide JavaScript code in an input field, which is later used as a tooltip title without any input validation, potentially leading to the execution of malicious scripts.

Recommendations: For PrimeFaces version 7.0.11, consider validating all user input data used in tooltip titles to prevent the injection of malicious JavaScript code. As a temporary workaround, restrict the use of the tooltip feature until a patch is available.
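The defect class from the description, as an added example that is not PrimeFaces' tooltip.js code: a minimal tooltip renderer that interpolates a caller-supplied title as raw markup, beside one that HTML-encodes the title first, plus a crude check a reviewer can run over rendered output. The sample title value is constructed.

```javascript
// Added example, not PrimeFaces code: shows the "title used as raw HTML"
// pattern next to its encoded counterpart. Pure string handling so it runs
// in Node without a browser; in a real page the safe path would set
// textContent (or an equivalent encoding step) rather than innerHTML.

// Encode the five characters that change meaning inside HTML text/attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the title is concatenated into markup unchanged,
// so any tags or event-handler attributes it contains become live HTML.
function renderTooltipUnsafe(title) {
  return '<div class="ui-tooltip">' + title + '</div>';
}

// Hardened pattern: the title is encoded before it joins the template,
// so it is displayed literally no matter what it contains.
function renderTooltipSafe(title) {
  return '<div class="ui-tooltip">' + escapeHtml(title) + '</div>';
}

// Review aid (illustrative, not a full parser): strip the known template
// wrapper and report whether anything tag-like or an on*= handler survived
// in the portion that came from the user-controlled title.
function containsInjectedMarkup(html) {
  const body = html
    .replace(/^<div class="ui-tooltip">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-z!\/]|\son[a-z]+\s*=/i.test(body);
}

// Constructed sample title containing markup characters, as a user might submit.
const SAMPLE_TITLE = 'Save <b>now</b> & "later"';

function demo() {
  return {
    unsafe: renderTooltipUnsafe(SAMPLE_TITLE),
    safe: renderTooltipSafe(SAMPLE_TITLE),
    unsafeFlagged: containsInjectedMarkup(renderTooltipUnsafe(SAMPLE_TITLE)),
    safeFlagged: containsInjectedMarkup(renderTooltipSafe(SAMPLE_TITLE)),
  };
}
```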

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-10544
GHSA-FW5F-7C6C-3VMV

Affected Products

Primefaces