Cross-Site Scripting Vulnerability in Oracle Mojarra Software
CVE-2013-5855

Currently unrated

Key Information:

Vendor: Oracle
Status: Mojarra
Vendor: CVE Published:; 17 July 2014

Summary

A flaw in Oracle Mojarra versions prior to 2.2.6 and 2.1.28 allows attackers to exploit insufficient encoding practices. Specifically, the vulnerability arises when the <h:outputText> tag or EL expression is used following a script or style block, enabling potential remote cross-site scripting (XSS) attacks. Without proper encoding, malicious actors can inject arbitrary scripts into web pages, which may compromise user data and session integrity. It is crucial for developers and administrators to apply the recommended updates to safeguard their applications.

References

http://rhn.redhat.com/errata/RHSA-2015-0765.html

vendor-advisoryx_refsource_REDHAT

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JS...

x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2015-0675.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Jul 17, 2014
Vulnerability Reserved
Sep 18, 2013