1. Home
  2. Vulnerabilities
  3. CVE-2020-10544

CVE-2020-10544

CVSS v3.1 6.1 (Medium)
61% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-03-13 15:15:11
(4 years ago)
Updated Date
2020-03-18 14:45:40
(4 years ago)

Affected Products

Primetek

Configuration #1

    CPE23 From Up To
  Primetek Primefaces 7.0.11 cpe:2.3:a:primetek:primefaces:7.0.11