Mojarra CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2013-5855	2 Oracle, Redhat	8 Mojarra, Jboss Bpms, Jboss Brms and 5 more	2025-04-12	N/A
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
CVE-2012-2672	2 Oracle, Redhat	2 Mojarra, Jboss Enterprise Application Platform	2025-04-11	N/A
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
CVE-2010-4007	1 Oracle	1 Mojarra	2025-04-11	N/A
Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.
CVE-2010-2087	3 Caucho, Ibm, Oracle	3 Resin, Websphere Application Server, Mojarra	2025-04-11	N/A
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
CVE-2020-6950	3 Eclipse, Oracle, Redhat	14 Mojarra, Banking Enterprise Default Management, Banking Platform and 11 more	2024-11-21	6.5 Medium
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
CVE-2019-17091	2 Eclipse, Oracle	23 Mojarra, Application Testing Suite, Banking Enterprise Product Manufacturing and 20 more	2024-11-21	6.1 Medium
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

Page 1 of 1.