XSS and EL Statement Execution Vulnerability in Apache MyFaces 1.1.7 and 1.2.8
CVE-2010-2086

Currently unrated

Key Information:

Vendor: Apache
Status: Myfaces
Vendor: CVE Published:; 27 May 2010

What is CVE-2010-2086?

Apache MyFaces versions 1.1.7 and 1.2.8 are vulnerable due to improper handling of unencrypted view states, which can be exploited by remote attackers to perform cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements. This vulnerability occurs when attackers manipulate serialized view objects, leading to unauthorized actions or disclosure of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-...

x_refsource_MISC

http://www.blackhat.com/presentations/bh-dc-10/Byrne_Davi...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 27, 2010

JSON

Apache

What is CVE-2010-2086?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.