GHSA-93c4-vf86-3rj7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-93c4-vf86-3rj7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-93c4-vf86-3rj7/GHSA-93c4-vf86-3rj7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-93c4-vf86-3rj7
- Aliases
- Published
- 2021-11-03T17:33:32Z
- Modified
- 2023-11-08T04:06:05.923539Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
- Details
-
Missing output sanitization in test sources in
org.webjars.bowergithub.vaadin:vaadin-menu-barversions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL. - Database specific
{ "nvd_published_at": "2021-11-02T10:15:00Z", "github_reviewed_at": "2021-11-02T19:53:07Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Maven / com.vaadin:vaadin-bom
Package
- Name
- com.vaadin:vaadin-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-bom
Affected versions
14.*
14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5
14.0.6
14.0.7
14.0.8
14.0.9
14.0.10
14.0.11
14.0.12
14.0.13
14.0.14
14.0.15
14.1.0
14.1.1
14.1.2
14.1.3
14.1.4
14.1.5
14.1.16
14.1.17
14.1.18
14.1.19
14.1.20
14.1.21
14.1.22
14.1.23
14.1.24
14.1.25
14.1.26
14.1.27
14.1.28
14.2.0
14.2.1
14.2.2
14.2.3
14.3.0
14.3.1
14.3.2
14.3.3
14.3.4
14.3.5
14.3.6
14.3.7
14.3.8
14.3.9
14.4.0
14.4.1
14.4.2
14.4.3
14.4.4
Maven / org.webjars.bowergithub.vaadin:vaadin-menu-bar
Package
- Name
- org.webjars.bowergithub.vaadin:vaadin-menu-bar
- View open source insights on deps.dev
- Purl
- pkg:maven/org.webjars.bowergithub.vaadin/vaadin-menu-bar