Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2014-07-17T02:36:00
Updated: 2024-08-06T17:22:31.230Z
Reserved: 2013-09-18T00:00:00
Link: CVE-2013-5855
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-07-17T05:10:13.937
Modified: 2024-11-21T01:58:18.143
Link: CVE-2013-5855
Redhat