CVE-2014-5326

UNKNOWN

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2

Published Nov 24, 2014

Modified 1 years ago

Details

Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

ADVISORY

http://jvn.jp/en/jp/JVN52422792/index.html

ADVISORY

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2014-5326

CVSS Analysis

CVSS v2.0

4.3

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

PartialI:P

Availability

NoneA:N

4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N

Ecosystems

Timeline

PublishedNov 24, 2014

ModifiedAug 6, 2024