Date: Mon, 5 Aug 2013 00:56:40 -0400 (EDT)
From: David Jorm <>
To: oss-security <>
Subject: CVE request: XSS in Google Web Toolkit (GWT)

I note that with the release of Google Web Toolkit (GWT) 2.5.1, a security flaw has been resolved: ("Security Fixes")

The release notes state:
Fixed an XSS vulnerability in html files used by GWTTestCase (patch). These files will only be included in a GWT app if it depends on the JUnit module. Despite the fix, this is not recommended.

The patch is here:

I have reproduced this flaw and can confirm it is reflected XSS. I have previously contacted asking for CVE IDs for GWT flaws, but never received a response. Please assign a CVE ID to this flaw.

David Jorm / Red Hat Security Response Team
