
8 matches found

Veracode
added 2026/01/16 6:38 p.m., 4 views

Cross-site Scripting (XSS)

Vaadin Framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to action captions accepting unsanitized HTML content by default, which allows an attacker to inject and execute malicious scripts when user-controlled input is rendered in UI components...

CVSS 4.8, AI score 5.6, EPSS 0.00014
Exploits: 0, References: 3, Affected Software: 3
OSV
added 2026/01/05 9:30 a.m., 1 views

GHSA-7WWV-79XW-RVVG Vaadin vulnerable to Cross-site Scripting

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 5
Snyk
added 2026/01/05 8:40 a.m., 1 views

Cross-site Scripting (XSS)

Overview: com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the ContextMenuManager and Action classes, when handling Action captions. An attacker can cause scripts to be executed by injecti...

CVSS 6.1, AI score 5.1, EPSS 0.00014
Exploits: 0, References: 2
Snyk
added 2026/01/05 8:40 a.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the ContextMenuManager and Action classes, when handling Action captions. An attacker can cause scripts to be executed by injecting them into captions. Note: As of version 23, the Action class is only used by...

CVSS 6.1, AI score 5.3, EPSS 0.00014
Exploits: 0, References: 2
Vulnrichment
added 2026/01/05 7:52 a.m., 1 views

CVE-2025-15022 Cross-site scripting in Action caption

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 2
Cvelist
added 2026/01/05 7:52 a.m., 20 views

CVE-2025-15022 Cross-site scripting in Action caption

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8, EPSS 0.00014
Exploits: 0, References: 2
Vaadin
added 2026/01/05 12:00 a.m., 12 views

Cross-site scripting in Action caption

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. See CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). Description: In Vaadin Framework 7 and 8...

CVSS 4.8, AI score 6, EPSS 0.00014
Exploits: 0, Affected Software: 4
Positive Technologies
added 2026/01/05 12:00 a.m., 3 views

PT-2026-1225

Name of the Vulnerable Software and Affected Versions: Vaadin versions 7.0.0 through 7.7.49; Vaadin versions 8.0.0 through 8.29.1; Vaadin versions 23.1.0 through 23.6.5; Vaadin versions 24.0.0 through 24.8.13; Vaadin versions 24.9.0 through 24.9.6. Description: The application allows HTML in action...

CVSS 4.8, AI score 5.9, EPSS 0.00014
Exploits: 0, References: 5