Homepage
About Snyk

org.primefaces:primefaces@6.1 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.primefaces:primefaces package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute label of p:chip.

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

[0,12.0.0-RC1)
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute value of p:tag.

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

[0,12.0.0-RC1)
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes value and label in AutoCompleteSuggestion used by REST endpoints in conjunction with p:autoComplete.

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

[0,12.0.0-RC1)
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute value of p:badge

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

[0,12.0.0-RC1)
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute value of p:menuItem inside p:stack.

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

[0,12.0.0-RC1)
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in tooltip/tooltip.js, which accepts input that is later used as a tooltip title, without proper validation.

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 8.0 or higher.

[0,8.0)
  • M
Information Exposure

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Information Exposure because {{h:inputText maxlength}} is validated on client side only. However, client side validation may be bypassed easily.

How to fix Information Exposure?

Upgrade org.primefaces:primefaces to version 7.0.RC1 or higher.

[0,7.0.RC1)
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is an UI library in Java EE Ecosystem.

Affected versions of [org.primefaces:primefaces] are vulnerable to Cross-site Scripting (XSS).

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 6.2 or higher.

[,6.2)
  • M
Cross-site Scripting (XSS)

org.primefaces:primefaces is UI library in Java EE Ecosystem

Affected versions of [org.primefaces:primefaces] are vulnerable to Cross-site Scripting (XSS).

How to fix Cross-site Scripting (XSS)?

Upgrade org.primefaces:primefaces to version 6.2 or higher.

[,6.2)
Go back to all versions of this package