Description
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector
Remediation
References
https://github.com/vaadin/framework/pull/11644
https://github.com/vaadin/framework/pull/11645
https://vaadin.com/security/cve-2019-25028
Related Vulnerabilities
CVE-2021-26117 Vulnerability in maven package org.apache.activemq:activemq-jaas
CVE-2023-26128 Vulnerability in npm package keep-module-latest
CVE-2022-31108 Vulnerability in maven package org.webjars.npm:mermaid
CVE-2022-23623 Vulnerability in npm package frourio
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest