CVE-2013-5855
- EPSS 2.75%
- Veröffentlicht 17.07.2014 05:10:13
- Zuletzt bearbeitet 12.04.2025 10:46:40
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XS...
CVE-2012-2672
- EPSS 0.06%
- Veröffentlicht 17.06.2012 03:41:41
- Zuletzt bearbeitet 11.04.2025 00:51:21
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
- EPSS 0.33%
- Veröffentlicht 20.10.2010 18:00:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
CVE-2010-2087
- EPSS 0.18%
- Veröffentlicht 27.05.2010 19:00:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or exe...