CVE-2019-25027

Summary

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL

Affected Software

VendorProductVersion RangeStatus
VaadinVaadin10.0.0 < *affected
Vaadinflow-server1.0.0 < *affected

Weaknesses

  • CWE-81: CWE-81 Improper Neutralization of Script in an Error Message Web Page

ADP Enrichment

CVE Program Container

Additional References

References