[Japanese]

JVNDB-2007-000820

Google Web Toolkit vulnerable to cross-site scripting

Overview

Google Web Toolkit (GWT) is vulnerable to cross-site scripting.

Google Web Toolkit (GWT) is an open source software development framework that allows web developers to create Ajax applications in Java.
The benchmark reporting system in GWT is vulnerable to cross-site scripting.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Google
  • Google Web Toolkit 1.4.60 and earlier

Impact

An arbitrary script can be executed on the user's web browser.
Solution

[Update the Software]
Apply the latest update provided by the vendor.
For more information, refer to the vendor's website.
Vendor Information

Google
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-6452
References

  1. JVN : JVN#75130343
  2. National Vulnerability Database (NVD) : CVE-2007-6452
  3. Secunia Advisory : SA28122
  4. SecurityFocus : 26915
  5. FrSIRT Advisories : FrSIRT/ADV-2007-4248
Revision History

  • [2008/05/21]
      Web page published