Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Directwebremoting Subscribe
Filtered by product Direct Web Remoting
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5325 1 Directwebremoting 1 Direct Web Remoting 2016-11-28 5.0 MEDIUM N/A
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-5326 1 Directwebremoting 1 Direct Web Remoting 2014-11-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.