7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.202 Low
EPSS
Percentile
96.3%
Security researchers Collin Jackson and Adam Barth reported a series of vulnerabilities which allow JavaScript to be injected into the context of signed JARs and executed under the context of the JARβs signer. This could allow an attacker to run JavaScript in a victimβs browser with the privileges of a different website, provided the attacker possesses a JAR signed by the other website.