org.primefaces:primefaces@7.0 vulnerabilities

latest version

13.0.7
latest non vulnerable version

14.0.0-RC2
first published

11 years ago
latest version published

3 months ago
licenses detected
- Unknown
  [7.0,8.0)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.primefaces:primefaces package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `label` of `p:chip`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `value` of `p:tag`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes `value` and `label` in `AutoCompleteSuggestion` used by REST endpoints in conjunction with `p:autoComplete`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `value` of `p:badge` How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `value` of `p:menuItem` inside `p:stack`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in `tooltip/tooltip.js`, which accepts input that is later used as a tooltip title, without proper validation. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 8.0 or higher.	[0,8.0)

Go back to all versions of this package

org.primefaces:primefaces@7.0 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities