webui-jsf is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization on request.getRequestURI()
, allowing arbitrary scripts to be added into the URI and subsequently executed.
dsecrg.com/pages/vul/show.php?id=138
osvdb.org/54220
secunia.com/advisories/35006
www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html
www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html
www.securityfocus.com/archive/1/503239/100/0/threaded
www.securityfocus.com/bid/34829
exchange.xforce.ibmcloud.com/vulnerabilities/50336
github.com/javaee/woodstock/commit/eb06af2360fceb976f87efdd12c9fcdfa77edf88
woodstock.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=4041