Maven package
org.primefaces/primefaces
pkg:maven/org.primefaces/primefaces
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10544 | — | < 8.0 | 8.0 | Mar 13, 2020 | An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation. | ||
| CVE-2017-1000486 | Cri | 9.8 | KEV | >= 5.0, < 6.0 | 6.0 | Jan 3, 2018 | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution |
- CVE-2020-10544Mar 13, 2020affected < 8.0fixed 8.0
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.
- affected >= 5.0, < 6.0fixed 6.0
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution