Filtered by vendor Vaadin
Subscribe
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31405 | 1 Vaadin | 2 Flow, Vaadin | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | |||||
CVE-2021-31407 | 1 Vaadin | 2 Flow, Vaadin | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request. | |||||
CVE-2021-33604 | 1 Vaadin | 2 Flow-server, Vaadin | 2024-02-04 | 1.2 LOW | 2.5 LOW |
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. | |||||
CVE-2011-0509 | 1 Vaadin | 1 Vaadin | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page. |