During my researches for security issues in popular web frameworks, I stumbled upon a flaw in the Primefaces JSF Framework, discovered by Minded Security back in 2016. I also found this nice summary…