Missing output sanitization in the default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.10 (Vaadin 10.0.0 up to and including 10.0.13), and 1.1.0 up to and including 1.4.2 (Vaadin 11.0.0 up to and including 13.0.5) allows a malicious user to execute malicious JavaScript via a crafted URL.
Vulnerable Product |
---|
vaadin flow |
vaadin vaadin |