CVE-2013-4204 — Improper Neutralization of Input During Web Page Generation in Google Web Toolki

Description

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

How to fix CVE-2013-4204

To remediate CVE-2013-4204, upgrade the affected package to a fixed version below.

Maven/com.google.gwt:gwt—upgrade to 2.5.1 or later

Is CVE-2013-4204 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.5.1

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-4204
WEBaccess.redhat.com/security/cve/CVE-2013-4204
WEBbugzilla.redhat.com/show_bug.cgi?id=992911
WEBwww.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
WEB