Vulnerability	Vulnerable Version
H Directory Traversal Eclipse Mojarra Affected versions of this package are vulnerable to Directory Traversal via the `getLocalePrefix` function in the `ResourceManager.java` class. A remote attacker can download configuration files or Java bytecodes from applications. How to fix Directory Traversal? Upgrade to version 2.3.5 or higher.	[,2.3.5)
M Cross-site Scripting (XSS) `org.glassfish:javax.faces` Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.	[2,2.2.5]

Directory Traversal

Eclipse Mojarra

Affected versions of this package are vulnerable to Directory Traversal via the getLocalePrefix function in the ResourceManager.java class. A remote attacker can download configuration files or Java bytecodes from applications.

How to fix Directory Traversal?

Upgrade to version 2.3.5 or higher.

[,2.3.5)

Cross-site Scripting (XSS)

org.glassfish:javax.faces Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

[2,2.2.5]

Go back to all versions of this package