CVE-2013-5855
REJECTED
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a script or style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
EPSS 2.32% · 85.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | mojarra | 0, 2.2.8-1 |
| Ubuntu:18.04:LTS | mojarra | 0, 2.2.8-3, 2.2.8-4 |
Exploit Intelligence
- ZorvithonLeo/Exploit-CVE-2014-4210- (github-poc)
- Weblogic SearchPublicRegistries SSRF(CVE-2014-4210) Exploit Script based on Python3 (github-poc)
…and 20 more exploits
Timeline
- Jul 16, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 26, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-5855 third-party-advisory
- https://java.net/jira/browse/JAVASERVERFACES-3150 third-party-advisory
- https://java.net/projects/mojarra/sources/svn/revision/12793 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-5855 third-party-advisory