cbcvebase.
CVE-2019-17091
published 2019-10-02

CVE-2019-17091: faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.

Affected

41 ranges· showing 25
VendorProductVersion rangeFixed in
debianmojarra
eclipsemojarra>= 2.3.0 < 2.3.102.3.10
oracleapplication_testing_suite
oracleapplication_testing_suite
oraclebanking_enterprise_product_manufacturing
oraclebanking_enterprise_product_manufacturing
oraclecommunications_diameter_signaling_router8.0.0.0 – 8.4.0.5
oraclecommunications_network_integrity
oraclecommunications_network_integrity
oraclecommunications_unified_inventory_management
oraclecommunications_unified_inventory_management
oracleenterprise_data_quality
oraclehealth_sciences_information_manager
oraclehealthcare_data_repository
oraclemojarra_javaserver_faces>= 2.2.0 < 2.2.202.2.20
oracleprimavera_p6_enterprise_project_portfolio_management
oracleprimavera_p6_enterprise_project_portfolio_management15.1.0.0 – 15.2.18.7
oracleprimavera_p6_enterprise_project_portfolio_management16.1.0.0 – 16.2.19.0
oracleprimavera_p6_enterprise_project_portfolio_management17.1.0.0 – 17.12.15.0
oracleprimavera_p6_enterprise_project_portfolio_management18.1.0.0 – 18.8.15.0
oraclerapid_planning
oraclerapid_planning
oracleretail_advanced_inventory_planning
oracleretail_advanced_inventory_planning
oracleretail_assortment_planning