Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://jvn.jp/en/jp/JVN52422792/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

Related Vulnerabilities

CVE-2019-20921 Vulnerability in maven package org.webjars:bootstrap-select

CVE-2021-20323 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2018-8815 Vulnerability in maven package org.opencms:opencms-core

CVE-2016-10735 Vulnerability in maven package org.webjars.npm:bootstrap

CVE-2020-2290 Vulnerability in maven package org.biouno:uno-choice

Severity

Critical

Classification

CWE-79