CVE-2019-25027
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Vaadin | Vaadin | 10.0.0 < * | affected |
| Vaadin | flow-server | 1.0.0 < * | affected |
Weaknesses
- CWE-81: CWE-81 Improper Neutralization of Script in an Error Message Web Page
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.