Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

http://jvn.jp/en/jp/JVN52422792/index.html

Related Vulnerabilities

CVE-2018-18282 Vulnerability in npm package next

CVE-2022-43420 Vulnerability in maven package org.jenkins-ci.plugins:contrast-continuous-application-security

CVE-2016-8608 Vulnerability in maven package org.jbpm:jbpm-designer-client

CVE-2021-41182 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-webjar

Severity

Critical

Classification

CWE-79