Lucene search
K

7 matches found

OSV
OSV
added 2021/04/23 4:15 p.m.33 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS6.8AI score0.00668EPSS
Exploits0References2
NVD
NVD
added 2021/04/23 4:15 p.m.44 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS0.00668EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/04/23 4:5 p.m.51 views

CVE-2019-25027 Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS6.2AI score0.00668EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/04/19 2:52 p.m.7 views

com.vaadin:flow (>=1.0.0 <=1.0.10), com.vaadin:flow-client (>=1.0.0 <=1.0.10) +29 more potentially affected by CVE-2019-25027 via com.vaadin:flow-server (>=1.0.0 <=1.0.10)

com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.10 - com.vaadin:vaadin =10.0.13 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 -...

6.1CVSS6.3AI score0.00668EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/19 2:52 p.m.7 views

com.github.mcollovati.vertx:vaadin-flow-sockjs (=12.0.0), com.github.mcollovati.vertx:vertx-vaadin-flow (=12.0.0) +149 more potentially affected by CVE-2019-25027 via com.vaadin:flow-server (>=1.1.0 <=1.4.2)

com.vaadin:flow-server MAVEN version =1.1.0, =0.5.2, =1.0.0, =1.0.0, =1.0.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =5.2.5 and more Source cves: CVE-2019-25027 Source advisory: OSV:GHSA-RP4X-WXQV-CF9M...

6.1CVSS6.3AI score0.00668EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/19 2:52 p.m.64 views

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

6.1CVSS4.4AI score0.00668EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:48 p.m.53 views

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

6.1CVSS4.4AI score0.00668EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder