XSS vulnerability for Primeface

Components, Ajax Framework, Utilities and More.
Post Reply
sinphang
Posts: 1
Joined: 19 Apr 2017, 11:07

19 Apr 2017, 11:10

XSS vulnerability for Primeface, will this resolve in Elite version? What is the resolution for us in getting rid of XSS security vulnerability.
The version of jQuery 1.11.0 contains well-known vulnerabilities which may lead to cross-site scripting and credential/session theft. The following functions are known to be vulnerable. Can check which Primeface version will resolve this?
1) ""location.hash""
2) ""id""
3) ""class""
4) "":first""
5) ""document.referrer"""

User avatar
Melloware
Posts: 269
Joined: 22 Apr 2013, 15:48

20 Apr 2017, 02:22

You can read about this issue here:

https://github.com/primefaces/primefaces/issues/2204
PrimeFaces Extensions Developer
GitHub Profile: https://github.com/melloware
PrimeFaces 6.1.X / PF Extensions 6.1.5

Post Reply
  • Information
  • Who is online

    Users browsing this forum: Bing [Bot], Yahoo [Bot] and 8 guests