Security Advisory

CVE-2019-25027

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-23 16:05:40

Last updated 2024-09-17 01:15:38

Assigner Vaadin

State PUBLISHED

Description

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL

← Browse all CVEs View on cve.org ↗