CVE-2013-5855
Published Jul 17, 2014
Last updated 6 years ago
Overview
- Description
- Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a script or style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
- Source
- secalert_us@oracle.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D545A6A-CA1E-40F4-AFEF-8A22F1963959" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9ED4467-18CC-4710-8343-0B5D3F1E0E8E" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2629C89A-14F7-4642-ABC7-17428751563B" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C44BE8D-C99C-45B7-BE72-5B4587F11DD5" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BE4C509-061C-49FF-99CA-848EF82F0FFA" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "283ECF0D-ED11-4D5C-8995-E93785CD1886" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F8F944C-42A2-4E4D-AB97-3800FE7BA086" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4FC9BF2-44D9-4514-950D-84E75E27C9BA" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1ADC8E6-C052-4A4E-B840-4DF68CEFE409" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2C62BDE-8BF2-4389-9511-BF8B54BF0E2E" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3AB62D2-3836-43A9-8209-ECC01298DDF7" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCC9D019-DE8F-4431-A79A-AD3507F993AA" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9DEC24-5347-4A2D-A705-74AEFFF0BB59" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.13:*:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "3865ED07-C221-4A83-8048-747A030E163F" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06463192-2C6E-4059-9D56-B3C7D56616A1" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A02DAC-B2D0-4043-A9C5-0297D555B79E" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3308CD3A-7D58-4251-85E4-AE16552CA850" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6460D8F1-762C-4703-B32F-2D3AF3075609" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F53DF75-0B83-4260-9F1C-9131FDAEC751" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E4A67F-0E82-4C15-8A07-5FA58EA6C43E" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56A24C0C-13B2-4E8F-8677-B43D0E81459F" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "656F4F63-5818-45DB-B616-3A82627CBE0C" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA2C9A44-4977-4D8F-8713-4B8CD08C9C0C" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970027E5-EC84-4C9F-BB48-0EEDF9C84A1C" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B78471D0-5C90-479F-9318-ACF4CC0CF44B" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88338F11-4E7D-451D-A265-0EFED5230CCF" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BC2BE1-4500-4ABA-A9BF-E84D433C9644" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.1.27:*:*:*:*:*:*:*", 
"vulnerable": true, "matchCriteriaId": "7DF0069D-EA77-476A-8D74-77D29221391C" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D53E07D9-826D-4CCB-BFD0-345F3AB669C3" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A506B90E-C4BE-4A16-901E-5D21AAE4FFD2" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945AF3FF-57F8-434C-8B2C-753E9E791A0D" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC60987-2D5B-44A6-BB4B-4E34B095C4C7" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5653BF-E8E4-4844-BFBD-9275DF072173" }, { "criteria": "cpe:2.3:a:oracle:mojarra:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CD86AF0-3DA1-4A1C-BFAC-1A0ED1B76CDB" } ], "operator": "OR" } ] } ]