Cross-Site Scripting Vulnerability in Google Web Toolkit and JBoss Operations Network
CVE-2012-5920

Currently unrated

Key Information:

Vendor: Google
Status: Web Toolkit
Vendor: CVE Published:; 20 November 2012

Summary

A cross-site scripting (XSS) vulnerability has been identified in Google Web Toolkit (GWT) versions 2.4 through 2.5 Final, which is integrated into JBoss Operations Network (ON) 3.1.1 and potentially other applications. This security flaw allows remote attackers to inject arbitrary web scripts or HTML into affected systems through unspecified vectors, posing a significant risk to the integrity of web applications utilizing these frameworks. The issue arises from an incomplete fix associated with a previous security concern, necessitating immediate attention from developers and system administrators.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/80331

vdb-entryx_refsource_XF

https://developers.google.com/web-toolkit/release-notes#R...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/57538

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 20, 2012
Vulnerability Reserved
Nov 19, 2012