UBUNTU-CVE-2013-5855

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2013-5855

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-5855.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-5855

Related

CVE-2013-5855

Published

2014-07-17T05:10:00Z

Modified

2014-07-17T05:10:00Z

Summary

[none]

Details

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

References

Affected packages

Ubuntu:16.04:LTS / mojarra

Package

Name: mojarra
Purl: pkg:deb/ubuntu/mojarra?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.8-2

Affected versions

2.*

2.2.8-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.2.8-2",
            "binary_name": "libjsf-api-java"
        },
        {
            "binary_version": "2.2.8-2",
            "binary_name": "libjsf-java-doc"
        }
    ]
}

Ubuntu:18.04:LTS / mojarra

Package

Name: mojarra
Purl: pkg:deb/ubuntu/mojarra?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.8-5

Affected versions

2.*

2.2.8-3

2.2.8-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.2.8-5",
            "binary_name": "libjsf-api-java"
        },
        {
            "binary_version": "2.2.8-5",
            "binary_name": "libjsf-java-doc"
        }
    ]
}