23 matches found
CVE-2019-12416
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...
EUVD-2022-2424
Malicious code in bioql PyPI...
EUVD-2022-1174
Malicious code in bioql PyPI...
Cross-site Scripting in Apache DeltaSpike
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters by default, so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1...
GHSA-4Q23-G7MF-XP98 Cross-site Scripting in Apache DeltaSpike
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters by default, so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1...
GHSA-RHG5-FQR3-HRF5 Injection in DeltaSpike
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...
Injection in DeltaSpike
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...
Cross-Site Scripting (XSS)
deltaspike is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the dswid parameter and the URL...
Apache DeltaSpike Injection Vulnerability
Apache DeltaSpike is a portable CDI extension suite from the Apache Software USA Foundation. A security vulnerability exists in the windowhandler.js file in Apache DeltaSpike 1.9.2 and earlier versions. An attacker can exploit the vulnerability to inject JavaScript code...
CVE-2019-12416
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...
CVE-2019-12416
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...
Design/Logic Flaw
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...
CVE-2019-12416
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default...
CVE-2019-12416
CVE-2019-12416 concerns two reported injection attacks against DeltaSpike’s windowhandler.js, active only when the ClientSideWindowStrategy is explicitly selected (not the default). The connected Red Hat and OSV/GHSA entries repeat this description and confirm the issue is tied to DeltaSpike, wit...
PT-2020-9310 · Unknown · Deltaspike
Name of the Vulnerable Software and Affected Versions: DeltaSpike affected versions not specified Description: There have been reports of injection attacks against the DeltaSpike windowhandler.js. This issue is only relevant if a developer has selected the ClientSideWindowStrategy, which is not t...
CVE-2017-17837
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters by default, so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1...
Cross-site Scripting (XSS)
Apache Deltaspike is vulnerable to cross-site scripting XSS. The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary Javascript. The impact is limited because the size of the variable is cut off after 10 characters...
CVE-2017-17837
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters by default, so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1...
CVE-2017-17837
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters by default, so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1...
Cross site scripting
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters by default, so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1...