Описание
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.10 (включая)
Одно из
cpe:2.3:a:directwebremoting:direct_web_remoting:*:*:*:*:*:*:*:*
cpe:2.3:a:directwebremoting:direct_web_remoting:3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:directwebremoting:direct_web_remoting:3.0:rc2:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00217
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
redhat
около 11 лет назад
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
debian
около 11 лет назад
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) ...
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in Direct Web Remoting
EPSS
Процентиль: 44%
0.00217
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79