This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Primetek First view 2018-01-03
Product Primefaces Last view 2020-03-13
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:primetek:primefaces:*:*:*:*:*:*:*:* 1
cpe:2.3:a:primetek:primefaces:7.0.11:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.1 2020-03-13 CVE-2020-10544

An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.

9.8 2018-01-03 CVE-2017-1000486

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-326 Inadequate Encryption Strength
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')