CVE-2017-17837

Summary

The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache DeltaSpike1.8.0affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References