Maven package
com.vaadin/vaadin-spreadsheet-flow
pkg:maven/com.vaadin/vaadin-spreadsheet-flow
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-15022 | Med | — | >= 23.1.0, < 23.6.6 | 23.6.6 | Jan 5, 2026 | Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple component |
- affected >= 23.1.0, < 23.6.6fixed 23.6.6
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple component