CVE-2013-4204

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
http://www.openwall.com/lists/oss-security/2013/08/05/1	Patch
http://www.openwall.com/lists/oss-security/2013/08/05/3	Patch
http://www.securityfocus.com/bid/61590

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:web_toolkit:1.5.2:::::::*
	cpe:2.3:a:google:web_toolkit:2.4:beta::::::
	cpe:2.3:a:google:web_toolkit:2.5.0:rc1::::::
	cpe:2.3:a:google:web_toolkit:2.1.0:rc1::::::
	cpe:2.3:a:google:web_toolkit:2.1.1:::::::*
	cpe:2.3:a:google:web_toolkit:2.0.4:::::::*
	cpe:2.3:a:google:web_toolkit:2.2.0:::::::*
	cpe:2.3:a:google:web_toolkit:2.0.0:rc1::::::
	cpe:2.3:a:google:web_toolkit::::::::
	cpe:2.3:a:google:web_toolkit:2.1.0:m1::::::
	cpe:2.3:a:google:web_toolkit:1.7.1:::::::*
	cpe:2.3:a:google:web_toolkit:1.4.60:::::::*
	cpe:2.3:a:google:web_toolkit:2.4.5:::::::*
	cpe:2.3:a:google:web_toolkit:1.6.2:rc::::::
	cpe:2.3:a:google:web_toolkit:1.5.3:::::::*
	cpe:2.3:a:google:web_toolkit:1.5.0:rc::::::
	cpe:2.3:a:google:web_toolkit:1.7.0:::::::*
	cpe:2.3:a:google:web_toolkit:2.0.3:::::::*
	cpe:2.3:a:google:web_toolkit:2.0.0:::::::*
	cpe:2.3:a:google:web_toolkit:2.1.0:m3::::::
	cpe:2.3:a:google:web_toolkit:2.4.0:::::::*
	cpe:2.3:a:google:web_toolkit:2.1.0:m2::::::
	cpe:2.3:a:google:web_toolkit:2.3.0:m1::::::
	cpe:2.3:a:google:web_toolkit:1.6.4:::::::*
	cpe:2.3:a:google:web_toolkit:1.5.1:rc2::::::
	cpe:2.3:a:google:web_toolkit:2.0.1:::::::*
	cpe:2.3:a:google:web_toolkit:2.3.0:::::::*
	cpe:2.3:a:google:web_toolkit:2.0.2:::::::*
	cpe:2.3:a:google:web_toolkit:2.5.0:rc2::::::
	cpe:2.3:a:google:web_toolkit:1.6.3:rc2::::::

Information

Published : 2013-11-17 18:55

Updated : 2023-02-12 20:45

NVD link : CVE-2013-4204

Mitre link : CVE-2013-4204

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

google

web_toolkit

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1", "name": "http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2013/08/05/1", "name": "[oss-security] 20130805 CVE request: XSS in Google Web Toolkit (GWT)", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2013/08/05/3", "name": "[oss-security] 20130804 Re: CVE request: XSS in Google Web Toolkit (GWT)", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/61590", "name": "61590", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4204", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-11-18T02:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.4:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.5.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.1.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.5.0"}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.1.0:m1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.4.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.6.2:rc:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.5.0:rc:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.1.0:m3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.1.0:m2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.3.0:m1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.5.1:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:2.5.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:google:web_toolkit:1.6.3:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T04:45Z"}

4.3 /10