Cross-Site Scripting (XSS)

PrimeFaces Extensions is vulnerable to cross-site scripting XSS. The vulnerability is possible because it fails to validate the input parameters in the triStateManyCheckbox function...

Cross-site Scripting (XSS)

primefaces-extensions is vulnerable to cross-site scripting XSS attacks. The library does not escape the string input when setting the menuItem label, allowing a malicious user to inject and execute arbitrary Javascript...