Description

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://jvn.jp/en/jp/JVN52422792/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

Related Vulnerabilities

CVE-2023-35161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui

CVE-2022-29252 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki

CVE-2022-1291 Vulnerability in maven package org.webjars.bower:tableexport.jquery.plugin

CVE-2016-10735 Vulnerability in maven package org.jszip.redist:bootstrap

CVE-2018-1999005 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-79