Oracle : Security Vulnerabilities, CVEs, Published In 2010 (XSS) CVSS score >= 4
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
Max CVSS: 4.3
EPSS Score: 0.17%
Published: 2010-05-27
Updated: 2013-01-28
1 vulnerability found