Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://jvn.jp/en/jp/JVN52422792/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

Related Vulnerabilities

CVE-2016-10549 Vulnerability in npm package sails

CVE-2022-27166 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2020-15500 Vulnerability in npm package tileserver-gl

CVE-2022-28730 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2018-17193 Vulnerability in maven package org.apache.nifi:nifi-web-utils

Severity

Critical

Classification

CWE-79