Unsanitized Variable Input in Vaadin Grid Component Allows for JavaScript Injection

CVE-2019-25028 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Missing variable sanitization in the Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19) and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows an attacker to inject malicious JavaScript via an unspecified vector.
