73 matches found
Cross-site Scripting (XSS)
primefaces-extensions is vulnerable to cross-site scripting XSS attacks. The library does not escape the string input when setting the menuItem label, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the filename when a file is uploaded, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the value of msg in core.dialog.js...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of user sanitization of the value of summary in the fileUpload functionality...
Cross-Site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS. The attack is possible because the application does not perform enough sanitization on the following attributes: stateOneTitle, stateTwoTitle, stateThreeTitle in TriStateCheckboxRenderer.java...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization on the href value when rendered through printer.js, allowing XSS attacks to occur...
Cross-Site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS. The attack exists because it does not have adequate sanitization for the user input in PrimeFaces.escapeHTML function...
pro.primefaces.org XSS vulnerability
Open Bug Bounty ID: OBB-609289 Description| Value ---|--- Affected Website:| pro.primefaces.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Cross-site Scripting (XSS)
primefaces is vulnerable to multiple cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization for the values of the following views: tabView, carousel, dataGrid, dataList, pickList, commandButton...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of param values under non-AJAX implementations of AbstractMenu such as in BaseMenuRenderer...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the paramValue variable found in AjaxRequestBuilder, allowing malicious scripts to be executed when the values are displayed...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the item, and inputTextarea.getCounterTemplate attributes in the InputTextareaRenderer class...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanization on msg.summary and msg.detail in validation.js...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization for the data fields in the AutoCompleteRenderer class...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly escape cfg.promptLabel, item.children'span'.text, input.next.text and input.val, found in forms.password.js, forms.multiselectlistbox.js, and forms.selectcheckboxmenu.js respectively. These improper...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly escape the headerText and footerText variables in the UIColumn, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-Site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The library doesn't properly escape the option parameter, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-site Scripting (XSS)
PrimeFaces is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the p:colorPicker variable, allowing a malicious user to inject arbitrary CSS...
Cross-Site Scripting (XSS)
The primefaces library is vulnerable to cross-site scripting XSS attacks through the href and target attributes of ButtonRenderer. Malicious code that is returned in the Content-Type: text/javascript context can result in that code executing within the target user's browser session...
Primefaces 5.x Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit', 'Description' = %q This module exploits an expression language remote code execution...