Lucene search
+L

73 matches found

Veracode
Veracode
added 2018/10/02 7:56 a.m.10 views

Cross-site Scripting (XSS)

primefaces-extensions is vulnerable to cross-site scripting XSS attacks. The library does not escape the string input when setting the menuItem label, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score
Exploits0
Veracode
Veracode
added 2018/08/08 12:45 p.m.9 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the filename when a file is uploaded, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score
Exploits0
Veracode
Veracode
added 2018/07/09 7:20 a.m.6 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the value of msg in core.dialog.js...

5.7AI score
Exploits0
Veracode
Veracode
added 2018/07/09 5:31 a.m.14 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of user sanitization of the value of summary in the fileUpload functionality...

5.7AI score
Exploits0
Veracode
Veracode
added 2018/06/19 5:54 a.m.11 views

Cross-Site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS. The attack is possible because the application does not perform enough sanitization on the following attributes: stateOneTitle, stateTwoTitle, stateThreeTitle in TriStateCheckboxRenderer.java...

6.1AI score
Exploits0
Veracode
Veracode
added 2018/06/19 1:55 a.m.10 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization on the href value when rendered through printer.js, allowing XSS attacks to occur...

5.3AI score
Exploits0
Veracode
Veracode
added 2018/06/11 3:6 a.m.7 views

Cross-Site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS. The attack exists because it does not have adequate sanitization for the user input in PrimeFaces.escapeHTML function...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/04/27 12:1 p.m.8 views

pro.primefaces.org XSS vulnerability

Open Bug Bounty ID: OBB-609289 Description| Value ---|--- Affected Website:| pro.primefaces.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Veracode
Veracode
added 2018/04/23 5:56 a.m.9 views

Cross-site Scripting (XSS)

primefaces is vulnerable to multiple cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization for the values of the following views: tabView, carousel, dataGrid, dataList, pickList, commandButton...

5.9AI score
Exploits0
Veracode
Veracode
added 2018/03/26 5:54 a.m.11 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of param values under non-AJAX implementations of AbstractMenu such as in BaseMenuRenderer...

5.7AI score
Exploits0
Veracode
Veracode
added 2018/03/23 2:21 a.m.7 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the paramValue variable found in AjaxRequestBuilder, allowing malicious scripts to be executed when the values are displayed...

5.7AI score
Exploits0
Veracode
Veracode
added 2018/03/13 5:28 a.m.4 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the item, and inputTextarea.getCounterTemplate attributes in the InputTextareaRenderer class...

5.7AI score
Exploits0
Veracode
Veracode
added 2018/03/13 5:24 a.m.9 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanization on msg.summary and msg.detail in validation.js...

5.7AI score
Exploits0
Veracode
Veracode
added 2018/03/13 5:12 a.m.9 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization for the data fields in the AutoCompleteRenderer class...

5.7AI score
Exploits0
Veracode
Veracode
added 2018/03/09 4:10 a.m.16 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly escape cfg.promptLabel, item.children'span'.text, input.next.text and input.val, found in forms.password.js, forms.multiselectlistbox.js, and forms.selectcheckboxmenu.js respectively. These improper...

6AI score
Exploits0
Veracode
Veracode
added 2018/03/08 10:29 a.m.5 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly escape the headerText and footerText variables in the UIColumn, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score
Exploits0
Veracode
Veracode
added 2018/02/02 7:6 a.m.7 views

Cross-Site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The library doesn't properly escape the option parameter, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score
Exploits0
Veracode
Veracode
added 2018/01/31 8:42 a.m.6 views

Cross-site Scripting (XSS)

PrimeFaces is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the p:colorPicker variable, allowing a malicious user to inject arbitrary CSS...

5.8AI score
Exploits0
Veracode
Veracode
added 2018/01/26 9:34 p.m.7 views

Cross-Site Scripting (XSS)

The primefaces library is vulnerable to cross-site scripting XSS attacks through the href and target attributes of ButtonRenderer. Malicious code that is returned in the Content-Type: text/javascript context can result in that code executing within the target user's browser session...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2018/01/18 12:0 a.m.124 views

Primefaces 5.x Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit', 'Description' = %q This module exploits an expression language remote code execution...

7.5CVSS0.4AI score0.94104EPSS
Exploits6
Rows per page
Query Builder