Cross-Site Scripting Vulnerabilities in Google Web Toolkit
CVE-2013-4204

Currently unrated

Key Information:

Vendor: Google
Status: Web Toolkit
Vendor: CVE Published:; 18 November 2013

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the JUnit files included with the Google Web Toolkit (GWT) before version 2.5.1 RC1. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into pages viewed by users, potentially compromising the integrity of web applications that utilize GWT. The affected vectors remain unspecified, posing a significant risk to applications relying on this framework.

References

http://www.openwall.com/lists/oss-security/2013/08/05/1

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/61590

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2013/08/05/3

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 18, 2013
Vulnerability Reserved
Jun 12, 2013