Vulnerabilities > Vaadin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-23 | CVE-2020-36320 | Resource Exhaustion vulnerability in Vaadin Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | 5.0 |
2021-04-23 | CVE-2020-36319 | Exposure of Resource to Wrong Sphere vulnerability in Vaadin Flow and Vaadin Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. | 3.5 |
2021-04-23 | CVE-2019-25028 | Cross-site Scripting vulnerability in Vaadin Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector | 4.3 |
2011-01-20 | CVE-2011-0509 | Cross-Site Scripting vulnerability in Vaadin Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the index page. | 4.3 |