Vulnerabilities > Oracle > Mojarra Javaserver Faces > 2.2.16

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-17091 Cross-site Scripting vulnerability in multiple products
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. 		4.3
4.3