Description
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.
Remediation
References
https://github.com/primefaces/primefaces/issues/5642
Related Vulnerabilities
CVE-2017-16101 Vulnerability in npm package serverwg
CVE-2021-21293 Vulnerability in maven package org.http4s:blaze-core_2.12
CVE-2011-3389 Vulnerability in npm package faye
CVE-2016-2402 Vulnerability in maven package com.squareup.okhttp3:okhttp
CVE-2017-12611 Vulnerability in maven package org.apache.struts:struts2-core