Homepage

org.primefaces:primefaces@6.1 vulnerabilities

  • latest version

    15.0.8

  • latest non vulnerable version

    15.0.8

  • first published

    12 years ago

  • latest version published

    11 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.primefaces:primefaces package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute label of p:chip.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

    [0,12.0.0-RC1)
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute value of p:tag.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

    [0,12.0.0-RC1)
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes value and label in AutoCompleteSuggestion used by REST endpoints in conjunction with p:autoComplete.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

    [0,12.0.0-RC1)
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute value of p:badge

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

    [0,12.0.0-RC1)
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute value of p:menuItem inside p:stack.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 12.0.0-RC1 or higher.

    [0,12.0.0-RC1)
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in tooltip/tooltip.js, which accepts input that is later used as a tooltip title, without proper validation.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 8.0 or higher.

    [0,8.0)
    • M
    Information Exposure

    org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

    Affected versions of this package are vulnerable to Information Exposure because {{h:inputText maxlength}} is validated on client side only. However, client side validation may be bypassed easily.

    How to fix Information Exposure?

    Upgrade org.primefaces:primefaces to version 7.0.RC1 or higher.

    [0,7.0.RC1)
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is an UI library in Java EE Ecosystem.

    Affected versions of [org.primefaces:primefaces] are vulnerable to Cross-site Scripting (XSS).

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 6.2 or higher.

    [,6.2)
    • M
    Cross-site Scripting (XSS)

    org.primefaces:primefaces is UI library in Java EE Ecosystem

    Affected versions of [org.primefaces:primefaces] are vulnerable to Cross-site Scripting (XSS).

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.primefaces:primefaces to version 6.2 or higher.

    [,6.2)
    Go back to all versions of this package