5 matches found
com.butor:butor-sso (=0.9.0), org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 (>=2.2 <=2.2.1) +31 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (=3.0.M1)
org.directwebremoting:dwr MAVEN version =3.0.M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.directwebremoting:dwr and may be impacted: - com.butor:butor-sso =0.9.0 - org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 =2.2, =2.2, =2.2, =2.2,...
com.alibaba.otter:manager.deployer (>=4.2.1 <=4.2.15), com.alibaba.otter:manager.web (>=4.2.1 <=4.2.15) +53 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (>=2.0.rc2 <=2.0.11-RELEASE)
org.directwebremoting:dwr MAVEN version =2.0.rc2, =4.2.1, =4.2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1.1 and more Source cves: CVE-2014-5326 Source advisory: OSV:GHSA-Q5V2-2V66-6HWM...
SUSE-SU-2018:1743-1 Security update for dwr
This update for dwr fixes the following issues: Security issue fixed: - CVE-2014-5326: Fix cross-site scripting XSS vulnerability bsc1085650...
SUSE-SU-2018:1745-1 Security update for dwr
This update for dwr fixes the following issues: Security issue fixed: - CVE-2014-5326: Fix cross-site scripting XSS vulnerability bsc1085650...
CVE-2014-5326
Cross-site scripting XSS vulnerability in Direct Web Remoting DWR through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...