Vulnerabilities (CVE)

Filtered by vendor Vaadin Subscribe

Filtered by product Vaadin

Total 23 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-31407	1 Vaadin	2 Flow, Vaadin	2024-02-04	5.0 MEDIUM	7.5 HIGH
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.
CVE-2021-33604	1 Vaadin	2 Flow-server, Vaadin	2024-02-04	1.2 LOW	2.5 LOW
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
CVE-2011-0509	1 Vaadin	1 Vaadin	2024-02-04	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page.