Description
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector
Remediation
References
https://vaadin.com/security/cve-2019-25028
https://github.com/vaadin/framework/pull/11645
https://github.com/vaadin/framework/pull/11644
Related Vulnerabilities
CVE-2022-31777 Vulnerability in maven package org.apache.spark:spark-core_2.12
CVE-2022-23059 Vulnerability in maven package com.shopizer:sm-shop-model
CVE-2023-48293 Vulnerability in maven package org.xwiki.contrib:xwiki-application-admintools
CVE-2019-10169 Vulnerability in maven package org.keycloak:keycloak-authz-client
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.convertors