VYPR
Moderate severityNVD Advisory· Published Jul 17, 2014· Updated Jun 16, 2026

CVE-2013-5855

CVE-2013-5855

Description

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.glassfish:javax.facesMaven
>= 2.2.0, < 2.2.62.2.6
org.glassfish:javax.facesMaven
>= 2.1.0, < 2.1.282.1.28

Affected products

35
  • cpe:2.3:a:oracle:mojarra:2.1.0:*:*:*:*:*:*:*+ 33 more
    • cpe:2.3:a:oracle:mojarra:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.25:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.26:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.27:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:mojarra:2.2.5:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.2.0, < 2.2.6

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.