CVE-2019-17091
Description
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
7.188
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-17091 are fixed in GlassFish-javax.faces 2.2.20 | Windows |
| Vulnerabilities CVE-2019-17091 are fixed in GlassFish-jakarta.faces 2.3.10 | Windows |
| Vulnerabilities CVE-2019-17091,CVE-2020-2707 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.2.18.7 | Windows |
| Vulnerabilities CVE-2019-17091,CVE-2020-2556,CVE-2020-2707 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.19.0 | Windows |
| Vulnerabilities CVE-2019-17091 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.15.0 | Windows |
| Vulnerabilities CVE-2019-17091 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.15.0 | Windows |
| Vulnerabilities CVE-2019-17091,CVE-2020-2556,CVE-2020-2707 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.0.0 | Windows |
| Vulnerabilities CVE-2019-17091 are fixed in GlassFish-javax.faces for Linux 2.2.20 | Linux |
| Vulnerabilities CVE-2019-17091 are fixed in GlassFish-jakarta.faces for Linux 2.3.10 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234