faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
History
06 Apr 2022, 18:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory | |
First Time | Oracle Retail Advanced Inventory Planning, Oracle Healthcare Data Repository, Oracle Retail Financial Integration, Oracle Retail Merchandising System, Oracle Communications Diameter Signaling Router, Oracle Retail Integration Bus, Oracle Secure Global Desktop, Oracle Enterprise Data Quality, Oracle Retail Bulk Data Integration, Oracle Health Sciences Information Manager, Oracle Retail Invoice Matching, Oracle Retail Assortment Planning, Oracle Rapid Planning, Oracle Time and Labor, Oracle Retail Service Backbone, Oracle Banking Enterprise Product Manufacturing, Oracle Primavera P6 Enterprise Project Portfolio Management, Oracle Communications Network Integrity, Oracle Application Testing Suite, Oracle Communications Unified Inventory Management, Oracle Retail Store Inventory Management |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-10-02 14:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-17091
Mitre link : CVE-2019-17091
CVE.ORG link : CVE-2019-17091
Products Affected
oracle
- application_testing_suite
- retail_advanced_inventory_planning
- retail_store_inventory_management
- health_sciences_information_manager
- retail_financial_integration
- time_and_labor
- banking_enterprise_product_manufacturing
- primavera_p6_enterprise_project_portfolio_management
- retail_bulk_data_integration
- mojarra_javaserver_faces
- communications_unified_inventory_management
- secure_global_desktop
- retail_assortment_planning
- retail_service_backbone
- communications_diameter_signaling_router
- retail_integration_bus
- retail_merchandising_system
- retail_invoice_matching
- communications_network_integrity
- healthcare_data_repository
- rapid_planning
- enterprise_data_quality
eclipse
- mojarra
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')