Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://jvn.jp/en/jp/JVN52422792/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

Related Vulnerabilities

CVE-2011-4969 Vulnerability in maven package org.wicketstuff:jquery

CVE-2018-6341 Vulnerability in maven package org.webjars.npm:svelte

CVE-2021-23342 Vulnerability in npm package docsify

CVE-2019-15607 Vulnerability in npm package node-red

CVE-2018-3771 Vulnerability in npm package statics-server

Severity

Critical

Classification

CWE-79