3 matches found
CVE-2020-6950
Summary of CVE-2020-6950 (Eclipse Mojarra Local File Read) The Nuclei template confirms a directory traversal vulnerability in Eclipse Mojarra before 2.3.14 that allows reading arbitrary files via the loc or con parameter. Affected component is Mojarra (JavaServer Faces) in versions prior to 2.3....
CVE-2018-14371
CVE-2018-14371 affects Eclipse Mojarra (JSF) prior to 2.3.7. The getLocalePrefix function in ResourceManager.java suffers a Directory Traversal via the loc parameter, enabling a remote attacker to download configuration files or Java bytecode from applications. Remediation: upgrade Mojarra to 2.3...
CVE-2019-17091
CVE-2019-17091 affects Eclipse Mojarra (used in Mojarra for Eclipse EE4J) with an issue in faces/context/PartialViewContextImpl.java that allows Reflected XSS. Affected versions are Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20. The root cause is mishandling of...