Lucene search
K

5 matches found

Cvelist
Cvelist
added 2023/06/22 12:47 p.m.33 views

CVE-2023-25499 Possible information disclosure in non visible components

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information...

5.7CVSS6.5AI score0.0058EPSS
Exploits0References2
Vaadin
Vaadin
added 2023/06/22 12:0 a.m.67 views

Possible information disclosure in non visible components

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information...

6.5CVSS6.3AI score0.0058EPSS
Exploits0Affected Software2
NVD
NVD
added 2021/04/23 4:15 p.m.43 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS0.00668EPSS
Exploits0References2
NVD
NVD
added 2021/04/23 4:15 p.m.33 views

CVE-2018-25007

Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message...

4.3CVSS0.00574EPSS
Exploits0References2
CVE
CVE
added 2021/04/23 4:5 p.m.85 views

CVE-2018-25007

CVE-2018-25007 affects Vaadin Flow Server (com.vaadin:flow-server) due to a missing check in the UIDL request handler. Affected versions are 1.0.0–1.0.5, corresponding to Vaadin 10.0.0–10.0.7 and 11.0.0–11.0.2. The root cause is an unchecked UIDL synchronization message, which permits an attacker...

4.3CVSS4.1AI score0.00574EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder