CVE-2019-25028

Source
https://cve.org/CVERecord?id=CVE-2019-25028
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25028.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25028
Aliases
Published
2021-04-23T16:15:08.267Z
Modified
2026-03-14T09:37:33.961216Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

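Missing variable sanitization in the Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19) and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows an attacker to inject malicious JavaScript (cross-site scripting) via an unspecified vector. In this record the 8.x range is expressed as a Git range fixed in 8.8.5, while the 7.x range (fixed in 7.7.20) appears only under unresolved_ranges, so tooling that matches on the Git range alone may not flag affected 7.x versions. The vanir_signatures listed below all target files under uitest/src/test rather than the Grid component itself, so a signature match or miss should be confirmed against the deployed vaadin-server version.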

References

Affected packages

Git / github.com/vaadin/framework

Affected ranges

Type
GIT
Repo
https://github.com/vaadin/framework
Events
Database specific
{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.8.5"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25028.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "7.4.0"
            },
            {
                "fixed": "7.7.20"
            }
        ]
    }
]
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "224089112780054838281096973252255515795",
            "length": 325.0
        },
        "source": "https://github.com/vaadin/framework/commit/c39400b55da214b2b6eb87260fb8f485a78a8aa1",
        "id": "CVE-2019-25028-3ad2e415",
        "target": {
            "file": "uitest/src/test/java/com/vaadin/tests/components/window/WindowTwinColSelectTest.java",
            "function": "testBothVisibleInitially"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "323027927719322879694646477660480758366",
                "140843719381022169385478702298695908139",
                "223121810745035292844364844150107232529",
                "241783893905197447019632742179906486824",
                "118877264746139548812131047659602460117",
                "212798713455239224283024788850551583708",
                "268359675270704258968730407281331665124",
                "43624132584534113624707093921107228950",
                "142659331150020933318034414284366553825",
                "262969033099155336909030685456245982774",
                "296315255155010085321854487652361016702",
                "293809256608442915435225365561121041433",
                "43624132584534113624707093921107228950",
                "142659331150020933318034414284366553825",
                "262969033099155336909030685456245982774",
                "232005886596506853569304581689489718279"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/vaadin/framework/commit/c39400b55da214b2b6eb87260fb8f485a78a8aa1",
        "id": "CVE-2019-25028-95f41e84",
        "target": {
            "file": "uitest/src/test/java/com/vaadin/tests/components/window/WindowTwinColSelectTest.java"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "336641603681000015035378260319375439394",
            "length": 1410.0
        },
        "source": "https://github.com/vaadin/framework/commit/c39400b55da214b2b6eb87260fb8f485a78a8aa1",
        "id": "CVE-2019-25028-a2f91c9d",
        "target": {
            "file": "uitest/src/test/java/com/vaadin/tests/components/grid/GridResizeHiddenColumnTest.java",
            "function": "testDragResizeHiddenColumnSize"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "145802151508175598029430370079265957318",
                "297195917877074439204303470271283275343",
                "263492562077096081474736922498611609",
                "68961282755823214253510235711551723968",
                "262127668737227261877694020220696387728",
                "230523905564265709666962162540234440708",
                "47900019607868529310579129746089630123",
                "311624149587918573141227453126641427703",
                "271179997655227917557505329999567111820",
                "217596032764845595737875797920695929474",
                "103388785315313009794110552235790421903"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/vaadin/framework/commit/c39400b55da214b2b6eb87260fb8f485a78a8aa1",
        "id": "CVE-2019-25028-bc4e3af8",
        "target": {
            "file": "uitest/src/test/java/com/vaadin/tests/components/grid/GridResizeHiddenColumnTest.java"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "133205553974526904938020591278604924244",
                "140086636728589380866893370144692075481",
                "72308381027048159490602102591725513370",
                "77708941278154773478948984726792384600",
                "34034289072158396475208353483333544981",
                "157769354181333844384100947133441727370",
                "185710998852128006652124351544874218493",
                "26585018608724908099507441366239354922",
                "169385461260460829198110331323426997539"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/vaadin/framework/commit/c39400b55da214b2b6eb87260fb8f485a78a8aa1",
        "id": "CVE-2019-25028-c31af355",
        "target": {
            "file": "uitest/src/test/java/com/vaadin/tests/components/combobox/ComboBoxClosePopupRetainTextTest.java"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "289025086072825599291112012723523489650",
            "length": 565.0
        },
        "source": "https://github.com/vaadin/framework/commit/c39400b55da214b2b6eb87260fb8f485a78a8aa1",
        "id": "CVE-2019-25028-e7f36790",
        "target": {
            "file": "uitest/src/test/java/com/vaadin/tests/components/window/WindowTwinColSelectTest.java",
            "function": "testBothVisibleAfterResize"
        }
    }
]