Stored cross-site scripting in Grid component in Vaadin 7 and 8

2021-04-19T14:49:48
ID GHSA-Q74R-4XW3-PPX9
Type github
Reporter GitHub Advisory Database
Modified 2021-05-06T17:13:45

Description

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector.

  • https://vaadin.com/security/cve-2019-25028