GHSA-q74r-4xw3-ppx9

GitHub Security Advisory

Stored cross-site scripting in Grid component in Vaadin 7 and 8

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Missing variable sanitization in the `Grid` component in `com.vaadin:vaadin-server` versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19) and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows an attacker to inject malicious JavaScript via an unspecified vector.

- https://vaadin.com/security/cve-2019-25028

Affected Packages

- Maven `com.vaadin:vaadin-bom`, affected versions: 7.4.0 (fixed in 7.7.20)
- Maven `com.vaadin:vaadin-bom`, affected versions: 8.0.0 (fixed in 8.8.5)
- Maven `com.vaadin:vaadin-server`, affected versions: 7.4.0 (fixed in 7.7.20)
- Maven `com.vaadin:vaadin-server`, affected versions: 8.0.0 (fixed in 8.8.5)

Key Information

- GHSA ID: GHSA-q74r-4xw3-ppx9
- Published: April 19, 2021 2:49 PM
- Last Modified: April 16, 2021 11:15 PM
- CVSS Score: 5.0/10
- Primary Ecosystem: Maven
- Primary Package: `com.vaadin:vaadin-bom`
- GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.