Date: Mon, 5 Aug 2013 00:56:40 -0400 (EDT)
From: David Jorm <djorm@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE request: XSS in Google Web Toolkit (GWT)

I note that with the release of Google Web Toolkit (GWT) 2.5.1, a security flaw has been resolved:

http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
("Security Fixes")

The release notes state:

Fixed an XSS vulnerability in html files used by GWTTestCase (patch). These files will only be included in a GWT app if it depends on the JUnit module. Despite the fix, this is not recommended.

The patch is here:

https://code.google.com/p/google-web-toolkit/source/detail?r=11385

I have reproduced this flaw and can confirm it is reflected XSS. I have previously contacted security@...gle asking for CVE IDs for GWT flaws, but never received a response. Please assign a CVE ID to this flaw.

Thanks
--
David Jorm / Red Hat Security Response Team