Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1
CVE-2019-12416
- EPSS 0.86%
- Published 19.03.2020 15:15:12
- Last modified 21.11.2024 04:22:47
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.
6.1
CVE-2017-17837
- EPSS 1.35%
- Published 04.01.2018 15:29:00
- Last modified 21.11.2024 03:18:47
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltas...
1