Cross-Site Scripting (XSS) vulnerability in com.vaadin:flow-server versions 1.0.0 through 1.0.10 and 1.1.0 through 1.4.2
CVE-2019-25027 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL
Learn more about our Cis Benchmark Audit For Server Software.