org.primefaces:primefaces 6.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.primefaces:primefaces package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `label` of `p:chip`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `value` of `p:tag`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attributes `value` and `label` in `AutoCompleteSuggestion` used by REST endpoints in conjunction with `p:autoComplete`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `value` of `p:badge` How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute `value` of `p:menuItem` inside `p:stack`. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 12.0.0-RC1 or higher.	[0,12.0.0-RC1)
M Cross-site Scripting (XSS) org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in `tooltip/tooltip.js`, which accepts input that is later used as a tooltip title, without proper validation. How to fix Cross-site Scripting (XSS)? Upgrade `org.primefaces:primefaces` to version 8.0 or higher.	[0,8.0)
M Information Exposure org.primefaces:primefaces is an ultimate component suite for JavaServer Faces. Affected versions of this package are vulnerable to Information Exposure because `{{h:inputText maxlength}}` is validated on client side only. However, client side validation may be bypassed easily. How to fix Information Exposure? Upgrade `org.primefaces:primefaces` to version 7.0.RC1 or higher.	[0,7.0.RC1)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.primefaces:primefaces is an ultimate component suite for JavaServer Faces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the attribute label of p:chip.