GHSA-fw5f-7c6c-3vmv

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-fw5f-7c6c-3vmv/GHSA-fw5f-7c6c-3vmv.json
Aliases
  • CVE-2020-10544
Published
2021-05-07T16:16:30Z
Modified
2022-09-21T22:35:51Z
Details

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.

References

Affected packages

npm / primefaces

primefaces

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
8.0

Affected versions