Cross-Site Scripting Vulnerability in Oracle Mojarra Software
CVE-2013-5855

Currently unrated

Key Information:

Vendor

Oracle
Status
Mojarra
Vendor
CVE Published:
17 July 2014

What is CVE-2013-5855?

A flaw in Oracle Mojarra versions prior to 2.2.6 and 2.1.28 allows attackers to exploit insufficient encoding practices. Specifically, the vulnerability arises when the <h:outputText> tag or EL expression is used following a script or style block, enabling potential remote cross-site scripting (XSS) attacks. Without proper encoding, malicious actors can inject arbitrary scripts into web pages, which may compromise user data and session integrity. It is crucial for developers and administrators to apply the recommended updates to safeguard their applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2015-0765.html
vendor-advisoryx_refsource_REDHAT
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JS...
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2015-0675.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.