7 matches found
com.vaadin:vaadin (>=23.1.0 <=23.1.17), com.vaadin:vaadin-jandex (>=23.1.0 <=23.1.17) +2 more potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=23.1.0 <=23.1.9)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =23.1.0, =23.1.0, =23.1.0, =23.1.0, =2.5.2, =2.5.3 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...
com.vaadin:vaadin (>=24.9.0 <=24.9.17) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.9.0 <=24.9.6)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.9.0, =24.9.0, =24.9.17 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...
com.vaadin:vaadin (>=24.7.0 <=24.10.6) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.10.0-beta1 <=24.8.13)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.10.0-beta1, =24.7.0, =24.10.6 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...
com.vaadin:vaadin (>=23.1.0 <=23.1.17), com.vaadin:vaadin-jandex (>=23.1.0 <=23.1.17) +2 more potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=23.1.0 <=23.1.9)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =23.1.0, =23.1.0, =23.1.0, =23.1.0, =2.5.2, =2.5.3 Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860869...
com.vaadin:vaadin (>=24.9.0 <=24.9.17) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.9.0 <=24.9.5)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.9.0, =24.9.0, =24.9.17 Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860869...
com.vaadin:vaadin (>=24.7.0 <=24.10.6) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.10.0-beta1 <=24.8.13)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.10.0-beta1, =24.7.0, =24.10.6 Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860869...
CVE-2025-15022
CVE-2025-15022 describes an XSS vulnerability in Vaadin where caption HTML was not sanitized. Affected are Vaadin Framework 7 (7.0.0–7.7.49) and 8 (8.0.0–8.29.1), as well as Vaadin 23.1.0–23.6.5, Vaadin 24.0.0–24.8.13, and Vaadin 24.9.0–24.9.6. Fixed versions sanitize captions by default and, for...