Path Traversal
Directory traversal in Eclipse Mojarra allows attackers to read arbitrary files via the loc or con parameter.
Advisories for Maven/Com.sun.faces/Project package
2021
2019
Cross-site Scripting
faces/context/PartialViewContextImpl.java allows Reflected XSS because a client window field is mishandled.
2018
Path Traversal
The getLocalePrefix function in ResourceManager contains a Path Traversal vulnerability.