Oracle Mojarra 2.2.x prior to 2.2.6 and 2.1.x prior to 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via application-specific vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle mojarra 2.2.5 |
||
oracle mojarra 2.1.26 |
||
oracle mojarra 2.1.24 |
||
oracle mojarra 2.1.16 |
||
oracle mojarra 2.1.15 |
||
oracle mojarra 2.1.9 |
||
oracle mojarra 2.1.8 |
||
oracle mojarra 2.1.0 |
||
oracle mojarra 2.2.2 |
||
oracle mojarra 2.2.1 |
||
oracle mojarra 2.2.0 |
||
oracle mojarra 2.1.21 |
||
oracle mojarra 2.1.20 |
||
oracle mojarra 2.1.13 |
||
oracle mojarra 2.1.12 |
||
oracle mojarra 2.1.4 |
||
oracle mojarra 2.1.3 |
||
oracle mojarra 2.2.4 |
||
oracle mojarra 2.2.3 |
||
oracle mojarra 2.1.23 |
||
oracle mojarra 2.1.22 |
||
oracle mojarra 2.1.17 |
||
oracle mojarra 2.1.14 |
||
oracle mojarra 2.1.6 |
||
oracle mojarra 2.1.7 |
||
oracle mojarra 2.1.5 |
||
oracle mojarra 2.1.27 |
||
oracle mojarra 2.1.25 |
||
oracle mojarra 2.1.19 |
||
oracle mojarra 2.1.18 |
||
oracle mojarra 2.1.11 |
||
oracle mojarra 2.1.10 |
||
oracle mojarra 2.1.2 |
||
oracle mojarra 2.1.1 |