Lucene search
K

MyFaces: XSS via state view

🗓️ 23 Feb 2010 20:20:00Reported by RedHatType 
redhat
 redhat
🔗 access.redhat.com👁 3 Views

MyFaces versions 1.1.7 and 1.2.8 use an unencrypted view state, enabling remote XSS or arbitrary expression language execution by tampering with the serialized view.

Related
Packages
Refs
OSOS VersionArchitecturePackagePackage VersionFilename
Red Hat Enterprise Linux4anyglassfish-jsf0:1.2_13-2.ep5.el4.noarchglassfish-jsf-0:1.2_13-2.ep5.el4.noarch.noarch.rpm
Red Hat Enterprise Linux5anyglassfish-jsf0:1.2_13-3.ep5.el5.noarchglassfish-jsf-0:1.2_13-3.ep5.el5.noarch.noarch.rpm
Red Hat Enterprise Linux5i386httpd0:2.2.14-1.2.1.ep5.el5httpd-0:2.2.14-1.2.1.ep5.el5.i386.rpm
Red Hat Enterprise Linux5x86_64httpd0:2.2.14-1.2.1.ep5.el5httpd-0:2.2.14-1.2.1.ep5.el5.x86_64.rpm
Red Hat Enterprise Linux5i386httpd-devel0:2.2.14-1.2.1.ep5.el5httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386.rpm
Red Hat Enterprise Linux5x86_64httpd-devel0:2.2.14-1.2.1.ep5.el5httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64.rpm
Red Hat Enterprise Linux5i386httpd-manual0:2.2.14-1.2.1.ep5.el5httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386.rpm
Red Hat Enterprise Linux5x86_64httpd-manual0:2.2.14-1.2.1.ep5.el5httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64.rpm
Red Hat Enterprise Linux4i386httpd220:2.2.14-4.ep5.el4httpd22-0:2.2.14-4.ep5.el4.i386.rpm
Red Hat Enterprise Linux4x86_64httpd220:2.2.14-4.ep5.el4httpd22-0:2.2.14-4.ep5.el4.x86_64.rpm
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 Jun 2026 12:21Current
5.9Medium risk
Vulners AI Score5.9
CVSS 24
EPSS0.02118
3