
Github Security Blog
added 2026/01/05 9:30 a.m., 14 views

Vaadin vulnerable to Cross-site Scripting

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8 | AI score 6.3 | EPSS 0.00327
Exploits 0 | References 5 | Affected software 3
EUVD
added 2026/01/05 7:52 a.m., 6 views

EUVD-2026-0820

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

CVSS 4.8 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 5
CVE
added 2026/01/05 7:52 a.m., 23 views

CVE-2025-15022

CVE-2025-15022 describes an XSS vulnerability in Vaadin where caption HTML was not sanitized. Affected are Vaadin Framework 7 (7.0.0–7.7.49) and 8 (8.0.0–8.29.1), as well as Vaadin 23.1.0–23.6.5, Vaadin 24.0.0–24.8.13, and Vaadin 24.9.0–24.9.6. Fixed versions sanitize captions by default and, for...

CVSS 4.8 | AI score 5.9 | EPSS 0.00327
Exploits 0 | References 2
OSV
added 2021/10/13 6:54 p.m., 7 views

GHSA-QCGX-CRRX-38V5 Denial of service in DataCommunicator class in Vaadin 8

Missing check in the DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows an authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

CVSS 4.3 | AI score 5.9 | EPSS 0.00915
Exploits 0 | References 5
vulnersOsv
added 2021/04/19 2:51 p.m., 4 views

ca.qc.ircm:plate-layout (=0.8), com.github.mvysny.karibudsl:karibu-dsl-v8 (>=1.0.0 <=1.0.4) +65 more potentially affected by CVE-2021-31403 via com.vaadin:vaadin-server (>=8.0.0 <=8.12.2)

com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =1.0.0, =2.0.3, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.12.2 and more Source cves: CVE-2021-31403 Source advisory: OSV:GHSA-75XC-QVXH-27F8...

CVSS 4 | AI score 5.8 | EPSS 0.00306
Exploits 0