
CVE-2013-5855

Published: 17/07/2014 Updated: 09/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Oracle Mojarra 2.2.x prior to 2.2.6 and 2.1.x prior to 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a script or style block, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via application-specific vectors.

Vulnerable Products

oracle mojarra 2.1.0
oracle mojarra 2.1.1
oracle mojarra 2.1.2
oracle mojarra 2.1.3
oracle mojarra 2.1.4
oracle mojarra 2.1.5
oracle mojarra 2.1.6
oracle mojarra 2.1.7
oracle mojarra 2.1.8
oracle mojarra 2.1.9
oracle mojarra 2.1.10
oracle mojarra 2.1.11
oracle mojarra 2.1.12
oracle mojarra 2.1.13
oracle mojarra 2.1.14
oracle mojarra 2.1.15
oracle mojarra 2.1.16
oracle mojarra 2.1.17
oracle mojarra 2.1.18
oracle mojarra 2.1.19
oracle mojarra 2.1.20
oracle mojarra 2.1.21
oracle mojarra 2.1.22
oracle mojarra 2.1.23
oracle mojarra 2.1.24
oracle mojarra 2.1.25
oracle mojarra 2.1.26
oracle mojarra 2.1.27
oracle mojarra 2.2.0
oracle mojarra 2.2.1
oracle mojarra 2.2.2
oracle mojarra 2.2.3
oracle mojarra 2.2.4
oracle mojarra 2.2.5

Vendor Advisories

Debian Bug report logs - #740586 mojarra: CVE-2013-5855. Package: mojarra; Maintainer for mojarra is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Mon, 3 Mar 2014 08:15:01 UTC; Severity: grave; Tags: security; Fixed in version mojarra/22 ...
Debian Bug report logs - #677194 CVE-2012-2672. Package: mojarra; Maintainer for mojarra is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>; Date: Tue, 12 Jun 2012 08:42:01 UTC; Severity: important; Tags: moreinfo, security; Fixed in vers ...
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute arbitrary web script in the user's browser ...

GitHub Repositories

Version based search for vulnerabilities in Jar files, using victims-cve-db database.

Victims CVE Database Version Search. This script allows searching for vulnerabilities associated with specific versions of Java archives (jar files) using the database provided by victims-cve-db. For each jar file the version information is retrieved: using the Maven manifest (pom.xml), if it does exist within the jar; using the version included in the filename, with the filename as artifactId; using