CVE-2013-5855

Currently unrated

Key Information:

Vendor: Oracle
Status: Mojarra
Vendor: CVE Published:; 17 July 2014

Summary

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

References

http://rhn.redhat.com/errata/RHSA-2015-0765.html

vendor-advisoryx_refsource_REDHAT

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JS...

x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2015-0675.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Jul 17, 2014
Vulnerability Reserved
Sep 18, 2013