Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://jvn.jp/en/jp/JVN52422792/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

Related Vulnerabilities

CVE-2018-1999024 Vulnerability in npm package mathjax

CVE-2022-34184 Vulnerability in maven package org.jenkins-ci.plugins:crx-content-package-deployer

CVE-2022-36902 Vulnerability in maven package com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter

CVE-2020-2266 Vulnerability in maven package org.jenkins-ci.plugins:description-column-plugin

CVE-2023-45818 Vulnerability in maven package org.webjars.npm:tinymce

Severity

Critical

Classification

CWE-79