Vulnerabilities

CVE-2017-17837

by Fred · 04/01/2018

The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get’s cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.

Date published : 2018-01-04

https://git-wip-us.apache.org/repos/asf?p=deltaspike.git;h=4e25023

https://issues.apache.org/jira/browse/DELTASPIKE-1307

Similar

Tags: Cybersecurity Alert