CVE-2013-5855

Published Jul 17, 2014
Last updated 3 months ago
CVSS info 4.3
Overview

Description: Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
Source: secalert_us@oracle.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D545A6A-CA1E-40F4-AFEF-8A22F1963959"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9ED4467-18CC-4710-8343-0B5D3F1E0E8E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2629C89A-14F7-4642-ABC7-17428751563B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C44BE8D-C99C-45B7-BE72-5B4587F11DD5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BE4C509-061C-49FF-99CA-848EF82F0FFA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "283ECF0D-ED11-4D5C-8995-E93785CD1886"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F8F944C-42A2-4E4D-AB97-3800FE7BA086"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4FC9BF2-44D9-4514-950D-84E75E27C9BA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1ADC8E6-C052-4A4E-B840-4DF68CEFE409"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2C62BDE-8BF2-4389-9511-BF8B54BF0E2E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3AB62D2-3836-43A9-8209-ECC01298DDF7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCC9D019-DE8F-4431-A79A-AD3507F993AA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E9DEC24-5347-4A2D-A705-74AEFFF0BB59"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3865ED07-C221-4A83-8048-747A030E163F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06463192-2C6E-4059-9D56-B3C7D56616A1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19A02DAC-B2D0-4043-A9C5-0297D555B79E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3308CD3A-7D58-4251-85E4-AE16552CA850"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6460D8F1-762C-4703-B32F-2D3AF3075609"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F53DF75-0B83-4260-9F1C-9131FDAEC751"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2E4A67F-0E82-4C15-8A07-5FA58EA6C43E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56A24C0C-13B2-4E8F-8677-B43D0E81459F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "656F4F63-5818-45DB-B616-3A82627CBE0C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA2C9A44-4977-4D8F-8713-4B8CD08C9C0C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970027E5-EC84-4C9F-BB48-0EEDF9C84A1C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B78471D0-5C90-479F-9318-ACF4CC0CF44B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88338F11-4E7D-451D-A265-0EFED5230CCF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5BC2BE1-4500-4ABA-A9BF-E84D433C9644"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.1.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DF0069D-EA77-476A-8D74-77D29221391C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D53E07D9-826D-4CCB-BFD0-345F3AB669C3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A506B90E-C4BE-4A16-901E-5D21AAE4FFD2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "945AF3FF-57F8-434C-8B2C-753E9E791A0D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AC60987-2D5B-44A6-BB4B-4E34B095C4C7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC5653BF-E8E4-4844-BFBD-9275DF072173"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mojarra:2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CD86AF0-3DA1-4A1C-BFAC-1A0ED1B76CDB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
