Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-0873

Malware in sbrugna...

6.1CVSS6.1AI score0.00668EPSS
Exploits0References5
OSV
OSV
added 2021/06/28 4:55 p.m.25 views

GHSA-QRG9-F472-QWFM Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 Vaadin 10.0.0 through 10.0.18, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, and 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0....

5.3CVSS5.1AI score0.01318EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/06/28 4:55 p.m.84 views

Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 Vaadin 10.0.0 through 10.0.18, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, and 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0....

5.3CVSS2AI score0.01318EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2021/06/25 4:45 a.m.22 views

Information Disclosure

flow-server is vulnerable to information disclosure. Lack of validation and sanitization of path in the default RouteNotFoundError view allows an attacker to enumerate available routes via malicious HTTP requests...

5.3CVSS2AI score0.01318EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/04/23 4:15 p.m.32 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS6.8AI score0.00668EPSS
Exploits0References2
Prion
Prion
added 2021/04/23 4:15 p.m.19 views

Design/Logic Flaw

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

4.3CVSS6.2AI score0.00668EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/04/23 4:5 p.m.50 views

CVE-2019-25027 Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS6.2AI score0.00668EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/04/19 2:52 p.m.64 views

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

6.1CVSS4.4AI score0.00668EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/19 2:48 p.m.53 views

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

6.1CVSS4.4AI score0.00668EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/04/19 2:48 p.m.30 views

GHSA-JQJ4-R483-4GVR Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. -...

6.1CVSS6.1AI score0.00668EPSS
Exploits0References3
Vaadin
Vaadin
added 2019/05/27 12:0 a.m.39 views

Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL. See CWE-81: Improper...

6.1CVSS1.3AI score0.00668EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder