mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-14 20:08:44 +00:00
770 B
770 B
CVE-2017-17837
Description
The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.
POC
Reference
Github
No PoCs found on GitHub currently.