CVE-2013-5855: Cross-site Scripting

July 17, 2014 (updated October 9, 2018)

When a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, attackers could conduct cross-site scripting (XSS) attacks via application-specific vectors.

References

h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/bc-p/6370209
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5855
java.net/jira/browse/JAVASERVERFACES-3150

Detect and mitigate CVE-2013-5855 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →