RHSA-2014:0910
PUBLISHED
CVSS 4.3 MEDIUM
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute arbitrary web script in the user's browser.
Risk Scores
CVSS 2.0
4.3
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Operations Network 3.2 | |
Timeline
- Jul 21, 2014 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2014:0910 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em&downloadType=securityPatches&version=3.2.0 advisory
- https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1063641 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1065139 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1092783 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1112987 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0910.json advisory
- https://access.redhat.com/security/cve/CVE-2013-5855 advisory
- https://www.cve.org/CVERecord?id=CVE-2013-5855 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-5855 advisory
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/bc-p/6370209 advisory
- https://access.redhat.com/security/cve/CVE-2014-0058 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-0058 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-0058 advisory
- https://access.redhat.com/security/cve/CVE-2014-0193 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-0193 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-0193 advisory
- https://access.redhat.com/security/cve/CVE-2014-3530 advisory
…and 2 more