Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

http://jvn.jp/en/jp/JVN52422792/index.html

Related Vulnerabilities

CVE-2020-11023 Vulnerability in maven package org.webjars:jquery

CVE-2022-36098 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mentions-ui

CVE-2019-5422 Vulnerability in npm package buttle

CVE-2019-13127 Vulnerability in maven package org.webjars.bower:mxgraph

CVE-2021-43841 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

Severity

Critical

Classification

CWE-79