Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/01/05 9:30 a.m.14 views

Vaadin vulnerable to Cross-site Scripting

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8CVSS6.3AI score0.00327EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2026/01/05 7:52 a.m.24 views

CVE-2025-15022

CVE-2025-15022 describes an XSS vulnerability in Vaadin where caption HTML was not sanitized. Affected are Vaadin Framework 7 (7.0.0–7.7.49) and 8 (8.0.0–8.29.1), as well as Vaadin 23.1.0–23.6.5, Vaadin 24.0.0–24.8.13, and Vaadin 24.9.0–24.9.6. Fixed versions sanitize captions by default and, for...

4.8CVSS5.9AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/05 7:52 a.m.6 views

EUVD-2026-0820

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8CVSS5.8AI score0.00327EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2021/04/19 2:51 p.m.5 views

biz.grundner.vaadin-in-spring:spring-vaadin (=1.0), cn.jhc:umeditor-vaadin-js (=0.0.1) +128 more potentially affected by CVE-2021-31403 via com.vaadin:vaadin-server (>=7.0.0 <=7.7.23)

com.vaadin:vaadin-server MAVEN version =7.0.0, =0.5, =1.1, =1.0, =1.3, =5.0.0, =5.0.0, =5.0.0, =5.2.4 and more Source cves: CVE-2021-31403 Source advisory: OSV:GHSA-75XC-QVXH-27F8...

4CVSS5.8AI score0.00306EPSS
Exploits0
Rows per page
Query Builder