GHSA-q74r-4xw3-ppx9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q74r-4xw3-ppx9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-q74r-4xw3-ppx9/GHSA-q74r-4xw3-ppx9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q74r-4xw3-ppx9
- Aliases
- Published
- 2021-04-19T14:49:48Z
- Modified
- 2023-11-08T04:01:32.613814Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Stored cross-site scripting in Grid component in Vaadin 7 and 8
- Details
-
Missing variable sanitization in
Gridcomponent incom.vaadin:vaadin-serverversions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector.- https://vaadin.com/security/cve-2019-25028
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2021-04-16T23:15:34Z", "severity": "MODERATE", "nvd_published_at": "2021-04-23T16:15:00Z", "cwe_ids": [ "CWE-79", "CWE-80" ] }- References
Affected packages
Maven / com.vaadin:vaadin-bom
Package
- Name
- com.vaadin:vaadin-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-bom
Affected versions
7.*
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.4.7
7.4.8
7.5.0.beta1
7.5.0.beta2
7.5.0.beta3
7.5.0.rc1
7.5.0.rc2
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.5.7
7.5.8
7.5.9
7.5.10
7.6.0.alpha1
7.6.0.alpha2
7.6.0
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.7.0
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.7.6
7.7.7
7.7.8
7.7.9
7.7.10
7.7.11
7.7.12
7.7.13
7.7.14
7.7.15
7.7.16
7.7.17
Maven / com.vaadin:vaadin-bom
Package
- Name
- com.vaadin:vaadin-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-bom
Affected versions
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0
8.5.1
8.5.2
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.7.0.beta1
8.7.0
8.7.1
8.7.2
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4
Maven / com.vaadin:vaadin-server
Package
- Name
- com.vaadin:vaadin-server
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-server
Affected versions
7.*
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.4.7
7.4.8
7.5.0.alpha1
7.5.0.beta1
7.5.0.beta2
7.5.0.beta3
7.5.0.rc1
7.5.0.rc2
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.5.7
7.5.8
7.5.9
7.5.10
7.6.0.alpha1
7.6.0.alpha2
7.6.0
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.7.0
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.7.6
7.7.7
7.7.8
7.7.9
7.7.10
7.7.11
7.7.12
7.7.13
7.7.14
7.7.15
7.7.16
7.7.17
Maven / com.vaadin:vaadin-server
Package
- Name
- com.vaadin:vaadin-server
- View open source insights on deps.dev
- Purl
- pkg:maven/com.vaadin/vaadin-server
Affected versions
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0
8.5.1
8.5.2
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.7.0.beta1
8.7.0
8.7.1
8.7.2
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4