Lucene search

GitHub Advisory DatabaseGHSA-X24Q-XWRF-66JM

HistoryMay 17, 2022 - 1:58 a.m.

Improper Neutralization of Input During Web Page Generation in Google Web Toolkit

2022-05-1701:58:13

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Vulners

Node

com.google.gwt\Matchgwt

CPENameOperatorVersion
com.google.gwt:gwtlt2.5.1

CPE	Name	Operator	Version
	com.google.gwt:gwt	lt	2.5.1

References

www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1

www.openwall.com/lists/oss-security/2013/08/05/1

www.openwall.com/lists/oss-security/2013/08/05/3

www.securityfocus.com/bid/61590

access.redhat.com/security/cve/CVE-2013-4204

bugzilla.redhat.com/show_bug.cgi?id=992911

github.com/advisories/GHSA-x24q-xwrf-66jm

nvd.nist.gov/vuln/detail/CVE-2013-4204

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.6%

JSON

Related for GHSA-X24Q-XWRF-66JM