2 matches found
CVE-2017-17837
CVE-2017-17837 affects the Apache DeltaSpike-JSF 1.8.0 module, which has a Cross‑Site Scripting (XSS) injection flaw in how the windowId is handled. By default the windowId is truncated after 10 characters, which can limit the impact, but the flaw still constitutes an XSS risk. A fix was released in Apache DeltaSpike 1.8.1 (delta...
CVE-2019-12416
CVE-2019-12416 concerns two reported injection attacks against DeltaSpike’s windowhandler.js, which is active only when the ClientSideWindowStrategy is explicitly selected (it is not the default). The connected Red Hat and OSV/GHSA entries repeat this description and confirm the issue is tied to DeltaSpike, wit...