VDB
DEBIAN-CVE-2013-5855
PUBLISHED
CVSS 9.3 CRITICAL
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a script or style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | mojarra | 0, 0, 0 |
| Debian:12 | mojarra | 0, 0, 0 |
| Debian:14 | mojarra | 0, 0, 0 |
| Debian:11 | mojarra | 0, 0, 0 |
Timeline
- Jul 17, 2014 CVE Published
- Apr 28, 2026 CVE Updated