CVE-2019-25028

Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*
cpe:2.3:a:vaadin:vaadin:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:39

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : 6.1
v2 : 4.3
v3 : 5.4
References () https://github.com/vaadin/framework/pull/11644 - Patch, Third Party Advisory () https://github.com/vaadin/framework/pull/11644 - Patch, Third Party Advisory
References () https://github.com/vaadin/framework/pull/11645 - Patch, Third Party Advisory () https://github.com/vaadin/framework/pull/11645 - Patch, Third Party Advisory
References () https://vaadin.com/security/cve-2019-25028 - Vendor Advisory () https://vaadin.com/security/cve-2019-25028 - Vendor Advisory

Information

Published : 2021-04-23 16:15

Updated : 2024-11-21 04:39


NVD link : CVE-2019-25028

Mitre link : CVE-2019-25028

CVE.ORG link : CVE-2019-25028


JSON object : View

Products Affected

vaadin

  • vaadin
CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')