CVE-2017-17837
Published: Jan 4, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The windowId gets cut off after 10 characters by default, so the impact might be limited. A fix was applied and released in Apache deltaspike-1.8.1.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache DeltaSpike | affected 1.8.0 |
References
- https://issues.apache.org/jira/browse/DELTASPIKE-1307 (x_refsource_CONFIRM)
- https://git-wip-us.apache.org/repos/asf?p=deltaspike.git%3Bh=4e25023 (x_refsource_CONFIRM)
- [deltaspike-dev] 20210816 Another XSS vulnerability of the same type as CVE-2017-17837 (mailing-list, x_refsource_MLIST)
- [deltaspike-dev] 20210818 Re: Another XSS vulnerability of the same type as CVE-2017-17837 (mailing-list, x_refsource_MLIST)