Lucene search

K
osvGoogleOSV:GHSA-Q74R-4XW3-PPX9
HistoryApr 19, 2021 - 2:49 p.m.

Stored cross-site scripting in Grid component in Vaadin 7 and 8

2021-04-1914:49:48
Google
osv.dev
14

0.001 Low

EPSS

Percentile

41.4%

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector.

0.001 Low

EPSS

Percentile

41.4%