Vulnerabilities > Vaadin

DATE CVE VULNERABILITY TITLE RISK
2021-04-23 CVE-2020-36320 Resource Exhaustion vulnerability in Vaadin
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
network
low complexity
vaadin CWE-400
5.0
2021-04-23 CVE-2020-36319 Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g.
network
vaadin CWE-668
3.5
2021-04-23 CVE-2019-25028 Cross-site Scripting vulnerability in Vaadin
Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector
network
vaadin CWE-79
4.3
2011-01-20 CVE-2011-0509 Cross-Site Scripting vulnerability in Vaadin
Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page.
network
vaadin CWE-79
4.3