Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector
References
Link | Resource |
---|---|
https://github.com/vaadin/framework/pull/11644 | Patch Third Party Advisory |
https://github.com/vaadin/framework/pull/11645 | Patch Third Party Advisory |
https://vaadin.com/security/cve-2019-25028 | Vendor Advisory |
https://github.com/vaadin/framework/pull/11644 | Patch Third Party Advisory |
https://github.com/vaadin/framework/pull/11645 | Patch Third Party Advisory |
https://vaadin.com/security/cve-2019-25028 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.4 |
References | () https://github.com/vaadin/framework/pull/11644 - Patch, Third Party Advisory | |
References | () https://github.com/vaadin/framework/pull/11645 - Patch, Third Party Advisory | |
References | () https://vaadin.com/security/cve-2019-25028 - Vendor Advisory |
Information
Published : 2021-04-23 16:15
Updated : 2024-11-21 04:39
NVD link : CVE-2019-25028
Mitre link : CVE-2019-25028
CVE.ORG link : CVE-2019-25028
JSON object : View
Products Affected
vaadin
- vaadin