VYPR

RichFaces

by JBoss

CVEs (2)

  • CVE-2015-0279Mar 26, 2015
    risk 0.00cvss epss 0.04

    JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

  • CVE-2014-7852Dec 11, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.