Every CVE whose affected-product data names Apache Deltaspike, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-17837 — CVSS 6.1 (medium): The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off…
CVE-2019-12416 — CVSS 6.1 (medium): we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the…