XSS vulnerability for Primeface

UI Components for JSF
Post Reply
sinphang
Posts: 1
Joined: 19 Apr 2017, 11:07

19 Apr 2017, 11:10

XSS vulnerability for Primeface, will this resolve in Elite version? What is the resolution for us in getting rid of XSS security vulnerability.
The version of jQuery 1.11.0 contains well-known vulnerabilities which may lead to cross-site scripting and credential/session theft. The following functions are known to be vulnerable. Can check which Primeface version will resolve this?
1) ""location.hash""
2) ""id""
3) ""class""
4) "":first""
5) ""document.referrer"""

Melloware
Posts: 3716
Joined: 22 Apr 2013, 15:48

20 Apr 2017, 02:22

You can read about this issue here:

https://github.com/primefaces/primefaces/issues/2204
PrimeFaces Developer | PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces Elite 13.0.0 / PF Extensions 13.0.0
PrimeReact 9.6.1

Post Reply

Return to “PrimeFaces”

  • Information
  • Who is online

    Users browsing this forum: No registered users and 21 guests