CVE-2010-2086
CVSS v2.0
4 (Medium)
EPSS
1.85 % (89th)
Affected Products
1
Advisories
1
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2010-05-27 19:00:01
(14 years ago) - Updated Date
-
2010-05-28 04:00:00
(14 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...