gwt-user is vulnerable to a cross-site scripting (XSS) attack. The library does not sanitize multiple script elements, allowing a malicious user to inject and execute arbitrary Javascript.
CPE | Name | Operator | Version |
---|---|---|---|
gwt-user | le | 2.5.0 | |
gwt-servlet | le | 2.5.0 |
rhn.redhat.com/errata/RHSA-2013-0187.html
www.openwall.com/lists/oss-security/2012/10/31/1
www.securityfocus.com/bid/57538
developers.google.com/web-toolkit/release-notes#Release_Notes_2_4_0
exchange.xforce.ibmcloud.com/vulnerabilities/80331
github.com/gwtproject/gwt/commit/4b1e5710d184205116e0e144b4501feb998e40b6
www.openwall.com/lists/oss-security/2012/10/31/1