CVE-2014-5326
EPSS 0.22%Improper Neutralization of Input During Web Page Generation in Direct Web Remoting
Published: 5/17/2022Modified: 12/7/2024
Also known as:GHSA-q5v2-2v66-6hwm
Description
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages (1)
- Maven/org.directwebremoting:dwrfrom 0, < 2.0.11