Filtered by vendor Apache
Subscriptions
Filtered by product Deltaspike
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12416 | 1 Apache | 1 Deltaspike | 2024-11-21 | 6.1 Medium |
| we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. | ||||
| CVE-2017-17837 | 1 Apache | 1 Deltaspike | 2024-11-21 | 6.1 Medium |
| The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1. | ||||
Page 1 of 1.