Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apache Subscribe
Filtered by product Deltaspike
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12416 1 Apache 1 Deltaspike 2023-01-20 4.3 MEDIUM 6.1 MEDIUM
we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default.
CVE-2017-17837 1 Apache 1 Deltaspike 2022-04-19 4.3 MEDIUM 6.1 MEDIUM
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.