CVE-2019-25028
Description
Missing variable sanitization in the Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows an attacker to inject malicious JavaScript via an unspecified vector.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.347
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin-vaadin-server 7.7.20 | Windows |
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin-vaadin-server 8.8.5 | Windows |
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin - vaadin-bom 7.7.20 | Windows |
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin - vaadin-bom 8.8.5 | Windows |
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin-vaadin-server for Linux 7.7.20 | Linux |
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin-vaadin-server for Linux 8.8.5 | Linux |
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin - vaadin-bom for Linux 7.7.20 | Linux |
| Vulnerabilities CVE-2019-25028 are fixed in Vaadin - vaadin-bom for Linux 8.8.5 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234