Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2021/06/28 4:56 p.m.70 views

Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. -...

2.5CVSS2.6AI score0.00286EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2021/06/28 4:52 p.m.6 views

com.alibaba.rsocket:alibaba-broker-server (>=1.0.0 <=1.0.0.RC4), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (>=0.1 <=14.1.4) +252 more potentially affected by CVE-2021-33604 via com.vaadin:flow-server (>=2.0.0 <=2.6.1)

com.vaadin:flow-server MAVEN version =2.0.0, =1.0.0, =0.1, =1.4.0, =1.0, =0.0.1, =14.0.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.2.3 and more Source cves: CVE-2021-33604 Source advisory: OSV:GHSA-8VFW-V2JV-9HWC...

2.5CVSS5.8AI score0.00286EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/06/28 4:52 p.m.5 views

com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +109 more potentially affected by CVE-2021-33604 via com.vaadin:flow-server (>=3.0.0 <=6.0.1)

com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =6.0.1 and more Source cves: CVE-2021-33604 Source advisory: OSV:GHSA-8VFW-V2JV-9HWC...

2.5CVSS5.8AI score0.00286EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/06/28 4:52 p.m.60 views

Reflected cross-site scripting in development mode handler in Vaadin

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. -...

2.5CVSS2.6AI score0.00286EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/06/24 12:15 p.m.38 views

CVE-2021-33604

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser...

2.5CVSS7.1AI score0.00286EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/06/24 11:16 a.m.61 views

CVE-2021-33604 Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser...

2.5CVSS4.5AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2021/06/24 11:16 a.m.100 views

CVE-2021-33604

CVE-2021-33604 affects Vaadin Flow Server in development mode handler. The vulnerability is caused by a URL encoding error in the development mode handler of com.vaadin:flow-server, affecting versions 2.0.0–2.6.1 (Vaadin 14.0.0–14.6.1) and 3.0.0–6.0.9 (Vaadin 15.0.0–19.0.8). The underlying issue ...

2.5CVSS3.9AI score0.00286EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder