Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2014-5326

Related Vulnerabilities

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29524)

WordPress Plugin Scriptless Social Sharing Cross-Site Scripting (3.2.1)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35614)

AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)

WordPress Plugin LIQUID SPEECH BALLOON Cross-Site Scripting (1.0.6)

Severity

Medium

Classification

CVE-2014-5326 CWE-707

Tags

Missing Update Known Vulnerabilities