JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection
Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Impact When an application uses a function to convert DOM data DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter and a specially...