Vulnerabilities (CVE)

Filtered by vendor Eclipse Subscribe
Filtered by product Mojarra
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6950 2 Eclipse, Oracle 9 Mojarra, Banking Enterprise Default Management, Banking Platform and 6 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
CVE-2019-17091 2 Eclipse, Oracle 23 Mojarra, Application Testing Suite, Banking Enterprise Product Manufacturing and 20 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
CVE-2018-14371 1 Eclipse 1 Mojarra 2024-02-28 5.0 MEDIUM 7.5 HIGH
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.