GHSA-3m3r-82gc-53mj

Source
https://github.com/advisories/GHSA-3m3r-82gc-53mj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3m3r-82gc-53mj/GHSA-3m3r-82gc-53mj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3m3r-82gc-53mj
Aliases
Published
2022-05-14T02:54:24Z
Modified
2024-12-05T05:43:27.877329Z
Summary
Improper Neutralization of Input During Web Page Generation in Mojarra
Details

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a script or style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

Database specific
{
    "nvd_published_at": "2014-07-17T05:10:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T23:30:20Z"
}
References

Affected packages

Maven / org.glassfish:javax.faces

Package

Name
org.glassfish:javax.faces
Purl
pkg:maven/org.glassfish/javax.faces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.6

Affected versions

2.*

2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5

Maven / org.glassfish:javax.faces

Package

Name
org.glassfish:javax.faces
Purl
pkg:maven/org.glassfish/javax.faces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.28

Affected versions

2.*

2.1.2
2.1.3
2.1.4
2.1.5
2.1.5-02
2.1.5-04
2.1.6
2.1.7
2.1.7-01
2.1.7-02
2.1.7-03
2.1.7-04
2.1.7-05
2.1.7-06
2.1.7-07
2.1.7-08
2.1.7-09
2.1.7-10
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.20-02
2.1.20-03
2.1.20-04
2.1.20-05
2.1.20-06
2.1.20-07
2.1.20-08
2.1.20-09
2.1.20-10
2.1.20-11
2.1.20-12
2.1.20-13
2.1.20-14
2.1.20-15
2.1.20-16
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27