Description
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.
Remediation
References
https://github.com/primefaces/primefaces/issues/5642
Related Vulnerabilities
CVE-2020-8125 Vulnerability in npm package klona
CVE-2016-10665 Vulnerability in npm package herbivore
CVE-2022-45385 Vulnerability in maven package org.jenkins-ci.plugins:dockerhub-notification
CVE-2020-7019 Vulnerability in maven package org.elasticsearch.plugin:x-pack
CVE-2022-45143 Vulnerability in maven package org.apache.tomcat:tomcat-catalina